################################################################ # abuse.ch URLhaus IDS ruleset (Snort / Suricata) # # Last updated: 2025-11-11 19:00:13 (UTC) # # # # Terms Of Use: https://urlhaus.abuse.ch/api/ # # For questions please contact urlhaus [at] abuse.ch # ################################################################ # # url alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703220)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.57.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703220/; classtype:trojan-activity;sid:84566320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703218)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.206.234.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703218/; classtype:trojan-activity;sid:84566318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703216)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.118.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703216/; classtype:trojan-activity;sid:84566316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703217)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.60.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703217/; classtype:trojan-activity;sid:84566317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703215)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.34.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703215/; classtype:trojan-activity;sid:84566315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703214)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.146.219.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703214/; classtype:trojan-activity;sid:84566314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703213)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.15.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703213/; classtype:trojan-activity;sid:84566313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703211)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8079848160/6p9fknt.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703211/; classtype:trojan-activity;sid:84566311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703210)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.202.19.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703210/; classtype:trojan-activity;sid:84566310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703209)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.31.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703209/; classtype:trojan-activity;sid:84566309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703208)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8072548658/rsbe3bf.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703208/; classtype:trojan-activity;sid:84566308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703207)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.57.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703207/; classtype:trojan-activity;sid:84566307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703203)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.113.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703203/; classtype:trojan-activity;sid:84566303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703204)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.50.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703204/; classtype:trojan-activity;sid:84566304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703205)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.7.220.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703205/; classtype:trojan-activity;sid:84566305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703206)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.125.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703206/; classtype:trojan-activity;sid:84566306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703195)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.203.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703195/; classtype:trojan-activity;sid:84566295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703196)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.194.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703196/; classtype:trojan-activity;sid:84566296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703197)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.74.189"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703197/; classtype:trojan-activity;sid:84566297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703198)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.40.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703198/; classtype:trojan-activity;sid:84566298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703199)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.118.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703199/; classtype:trojan-activity;sid:84566299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703200)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.197.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703200/; classtype:trojan-activity;sid:84566300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703189)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.125.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703189/; classtype:trojan-activity;sid:84566289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703190)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.203.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703190/; classtype:trojan-activity;sid:84566290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703191)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.159.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703191/; classtype:trojan-activity;sid:84566291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703184)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.80.14.148"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703184/; classtype:trojan-activity;sid:84566284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703181)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"117.28.108.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703181/; classtype:trojan-activity;sid:84566281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703180)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.209.139.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703180/; classtype:trojan-activity;sid:84566280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703177)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"1.55.3.72"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703177/; classtype:trojan-activity;sid:84566277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703178)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"187.209.139.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703178/; classtype:trojan-activity;sid:84566278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703176)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"187.209.139.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703176/; classtype:trojan-activity;sid:84566276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703174)"; flow:established,from_client; content:"GET"; http_method; content:"/application%20files/lockerno_1_0_0_11/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"121.163.139.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703174/; classtype:trojan-activity;sid:84566274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703173)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.85.211.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703173/; classtype:trojan-activity;sid:84566273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703170)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.253.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703170/; classtype:trojan-activity;sid:84566270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703168)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.85.177.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703168/; classtype:trojan-activity;sid:84566268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703169)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.85.177.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703169/; classtype:trojan-activity;sid:84566269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703162)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.85.211.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703162/; classtype:trojan-activity;sid:84566262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703161)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.209.139.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703161/; classtype:trojan-activity;sid:84566261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703160)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.235.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703160/; classtype:trojan-activity;sid:84566260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703159)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.152.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703159/; classtype:trojan-activity;sid:84566259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703158)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.113.53.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703158/; classtype:trojan-activity;sid:84566258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703157)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.51.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703157/; classtype:trojan-activity;sid:84566257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703156)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.87.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703156/; classtype:trojan-activity;sid:84566256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703155)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.90.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703155/; classtype:trojan-activity;sid:84566255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703154)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.220.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703154/; classtype:trojan-activity;sid:84566254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703153)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.113.53.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703153/; classtype:trojan-activity;sid:84566253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703152)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.236.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703152/; classtype:trojan-activity;sid:84566252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703151)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.170.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703151/; classtype:trojan-activity;sid:84566251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703150)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7516825766/tmc5qbu.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703150/; classtype:trojan-activity;sid:84566250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703148)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.86.3.66"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703148/; classtype:trojan-activity;sid:84566248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703146)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.236.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703146/; classtype:trojan-activity;sid:84566246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703145)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.170.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703145/; classtype:trojan-activity;sid:84566245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703144)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.215.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703144/; classtype:trojan-activity;sid:84566244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703143)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.78.51.137"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703143/; classtype:trojan-activity;sid:84566243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703142)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.68.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703142/; classtype:trojan-activity;sid:84566242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703141)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.124.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703141/; classtype:trojan-activity;sid:84566241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703139)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.118.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703139/; classtype:trojan-activity;sid:84566239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703138)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.215.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703138/; classtype:trojan-activity;sid:84566238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703137)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.124.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703137/; classtype:trojan-activity;sid:84566237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703134)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.237.117.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703134/; classtype:trojan-activity;sid:84566234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703135)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.206.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703135/; classtype:trojan-activity;sid:84566235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703133)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.117.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703133/; classtype:trojan-activity;sid:84566233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703132)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.131.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703132/; classtype:trojan-activity;sid:84566232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703131)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.118.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703131/; classtype:trojan-activity;sid:84566231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703129)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.106.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703129/; classtype:trojan-activity;sid:84566229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703128)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.5.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703128/; classtype:trojan-activity;sid:84566228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703127)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.254.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703127/; classtype:trojan-activity;sid:84566227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703125)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.152.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703125/; classtype:trojan-activity;sid:84566225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703124)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.111.131.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703124/; classtype:trojan-activity;sid:84566224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703123)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.215.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703123/; classtype:trojan-activity;sid:84566223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703121)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.74.191.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703121/; classtype:trojan-activity;sid:84566221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703122)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.74.191.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703122/; classtype:trojan-activity;sid:84566222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703120)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.74.191.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703120/; classtype:trojan-activity;sid:84566220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703119)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.108.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703119/; classtype:trojan-activity;sid:84566219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703118)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.9.247"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703118/; classtype:trojan-activity;sid:84566218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703116)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.94.121"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703116/; classtype:trojan-activity;sid:84566216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703113)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.200.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703113/; classtype:trojan-activity;sid:84566213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703114)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.108.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703114/; classtype:trojan-activity;sid:84566214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703112)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.106.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703112/; classtype:trojan-activity;sid:84566212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703111)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.254.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703111/; classtype:trojan-activity;sid:84566211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703110)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.111.131.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703110/; classtype:trojan-activity;sid:84566210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703109)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.207.55.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703109/; classtype:trojan-activity;sid:84566209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703108)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.207.55.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703108/; classtype:trojan-activity;sid:84566208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703106)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.216.220.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703106/; classtype:trojan-activity;sid:84566206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703105)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.241.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703105/; classtype:trojan-activity;sid:84566205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703104)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.200.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703104/; classtype:trojan-activity;sid:84566204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703103)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.20.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703103/; classtype:trojan-activity;sid:84566203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703101)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.240.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703101/; classtype:trojan-activity;sid:84566201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703100)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.86.248.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703100/; classtype:trojan-activity;sid:84566200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703099)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.78.47.133"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703099/; classtype:trojan-activity;sid:84566199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703097)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.114.139.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703097/; classtype:trojan-activity;sid:84566197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703095)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.216.220.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703095/; classtype:trojan-activity;sid:84566195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703094)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.30.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703094/; classtype:trojan-activity;sid:84566194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703093)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.214.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703093/; classtype:trojan-activity;sid:84566193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703092)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.23.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703092/; classtype:trojan-activity;sid:84566192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703091)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.106.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703091/; classtype:trojan-activity;sid:84566191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703089)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.78.47.133"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703089/; classtype:trojan-activity;sid:84566189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703088)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.87.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703088/; classtype:trojan-activity;sid:84566188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703087)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.240.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703087/; classtype:trojan-activity;sid:84566187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703086)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.114.139.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703086/; classtype:trojan-activity;sid:84566186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.209.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703084/; classtype:trojan-activity;sid:84566184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703083)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.68.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703083/; classtype:trojan-activity;sid:84566183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703082)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.87.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703082/; classtype:trojan-activity;sid:84566182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703081)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.23.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703081/; classtype:trojan-activity;sid:84566181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703079)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.34.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703079/; classtype:trojan-activity;sid:84566179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703077)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.177.197.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703077/; classtype:trojan-activity;sid:84566177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703078)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.18.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703078/; classtype:trojan-activity;sid:84566178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703075)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.130.89.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703075/; classtype:trojan-activity;sid:84566175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703074)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.229.24.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703074/; classtype:trojan-activity;sid:84566174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703072)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.140.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703072/; classtype:trojan-activity;sid:84566172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703073)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"170.233.57.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703073/; classtype:trojan-activity;sid:84566173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703071)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.34.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703071/; classtype:trojan-activity;sid:84566171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703070)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.18.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703070/; classtype:trojan-activity;sid:84566170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703069)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.130.89.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703069/; classtype:trojan-activity;sid:84566169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703067)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.59.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703067/; classtype:trojan-activity;sid:84566167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703068)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.69.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703068/; classtype:trojan-activity;sid:84566168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703066)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.140.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703066/; classtype:trojan-activity;sid:84566166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703065)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"170.233.57.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703065/; classtype:trojan-activity;sid:84566165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703064)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.193.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703064/; classtype:trojan-activity;sid:84566164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703061)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.228.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703061/; classtype:trojan-activity;sid:84566161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703058)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"105.97.180.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703058/; classtype:trojan-activity;sid:84566158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703057)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.239.254.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703057/; classtype:trojan-activity;sid:84566157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703056)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.246.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703056/; classtype:trojan-activity;sid:84566156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703055)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.12.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703055/; classtype:trojan-activity;sid:84566155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703054)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.59.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703054/; classtype:trojan-activity;sid:84566154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703053)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.65.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703053/; classtype:trojan-activity;sid:84566153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703052)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.227.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703052/; classtype:trojan-activity;sid:84566152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703051)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.193.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703051/; classtype:trojan-activity;sid:84566151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703050)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.129.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703050/; classtype:trojan-activity;sid:84566150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703049)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.52.204.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703049/; classtype:trojan-activity;sid:84566149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703045)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.10.90.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703045/; classtype:trojan-activity;sid:84566145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703046)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"105.97.180.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703046/; classtype:trojan-activity;sid:84566146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703044)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.84.192.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703044/; classtype:trojan-activity;sid:84566144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703043)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.83.37.44"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703043/; classtype:trojan-activity;sid:84566143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703042)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"138.188.34.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703042/; classtype:trojan-activity;sid:84566142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703041)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"2.193.69.188"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703041/; classtype:trojan-activity;sid:84566141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703040)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.65.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703040/; classtype:trojan-activity;sid:84566140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703039)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.127.178.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703039/; classtype:trojan-activity;sid:84566139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703038)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.227.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703038/; classtype:trojan-activity;sid:84566138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703037)"; flow:established,from_client; content:"GET"; http_method; content:"/bcvv.wav"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"151.243.18.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703037/; classtype:trojan-activity;sid:84566137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703036)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.52.204.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703036/; classtype:trojan-activity;sid:84566136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703033)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.180.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703033/; classtype:trojan-activity;sid:84566133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703031)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.192.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703031/; classtype:trojan-activity;sid:84566131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703030)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.97.113.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703030/; classtype:trojan-activity;sid:84566130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703029)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.5.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703029/; classtype:trojan-activity;sid:84566129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703028)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.3.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703028/; classtype:trojan-activity;sid:84566128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703027)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.243.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703027/; classtype:trojan-activity;sid:84566127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703026)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.59.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703026/; classtype:trojan-activity;sid:84566126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703025)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.87.70.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703025/; classtype:trojan-activity;sid:84566125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703023)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/inspecterrorimage/av.scr"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703023/; classtype:trojan-activity;sid:84566123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703024)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201612/video.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703024/; classtype:trojan-activity;sid:84566124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703022)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201705/photo.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703022/; classtype:trojan-activity;sid:84566122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703021)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201811/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703021/; classtype:trojan-activity;sid:84566121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703018)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2025/03/photo.scr"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703018/; classtype:trojan-activity;sid:84566118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703019)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201903/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703019/; classtype:trojan-activity;sid:84566119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703020)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201906/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703020/; classtype:trojan-activity;sid:84566120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703013)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201801/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703013/; classtype:trojan-activity;sid:84566113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703014)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/202009/photo.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703014/; classtype:trojan-activity;sid:84566114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703015)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201803/photo.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703015/; classtype:trojan-activity;sid:84566115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703016)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202202/photo.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703016/; classtype:trojan-activity;sid:84566116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703017)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/equipimage/photo.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703017/; classtype:trojan-activity;sid:84566117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703012)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.127.178.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703012/; classtype:trojan-activity;sid:84566112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703008)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.235.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703008/; classtype:trojan-activity;sid:84566108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703007)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.164.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703007/; classtype:trojan-activity;sid:84566107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703005)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.62.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703005/; classtype:trojan-activity;sid:84566105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703006)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.59.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703006/; classtype:trojan-activity;sid:84566106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703001)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.116.179.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703001/; classtype:trojan-activity;sid:84566101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702999)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.80.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702999/; classtype:trojan-activity;sid:84566099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702998)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.192.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702998/; classtype:trojan-activity;sid:84566098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702997)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.86.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702997/; classtype:trojan-activity;sid:84566097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702982)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.164.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702982/; classtype:trojan-activity;sid:84566082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702974)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.28.133.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702974/; classtype:trojan-activity;sid:84566074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702973)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.248.175.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702973/; classtype:trojan-activity;sid:84566073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702971)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.34.86.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702971/; classtype:trojan-activity;sid:84566071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702969)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"117.28.133.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702969/; classtype:trojan-activity;sid:84566069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702968)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"187.34.86.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702968/; classtype:trojan-activity;sid:84566068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702967)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.248.175.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702967/; classtype:trojan-activity;sid:84566067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702962)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.218.213.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702962/; classtype:trojan-activity;sid:84566062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702963)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"117.28.133.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702963/; classtype:trojan-activity;sid:84566063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702964)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.178.40.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702964/; classtype:trojan-activity;sid:84566064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702965)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.218.213.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702965/; classtype:trojan-activity;sid:84566065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702959)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.218.213.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702959/; classtype:trojan-activity;sid:84566059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702958)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.248.175.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702958/; classtype:trojan-activity;sid:84566058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702956)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"117.28.133.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702956/; classtype:trojan-activity;sid:84566056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702954)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"113.248.175.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702954/; classtype:trojan-activity;sid:84566054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702955)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.178.40.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702955/; classtype:trojan-activity;sid:84566055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702953)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.34.86.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702953/; classtype:trojan-activity;sid:84566053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702951)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.178.40.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702951/; classtype:trojan-activity;sid:84566051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702950)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"189.152.55.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702950/; classtype:trojan-activity;sid:84566050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702944)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.218.213.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702944/; classtype:trojan-activity;sid:84566044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702945)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.178.40.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702945/; classtype:trojan-activity;sid:84566045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702946)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"189.152.55.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702946/; classtype:trojan-activity;sid:84566046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702942)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"187.34.86.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702942/; classtype:trojan-activity;sid:84566042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702943)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"27.110.187.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702943/; classtype:trojan-activity;sid:84566043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702937)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"189.152.55.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702937/; classtype:trojan-activity;sid:84566037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702939)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.178.40.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702939/; classtype:trojan-activity;sid:84566039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702940)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"188.174.56.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702940/; classtype:trojan-activity;sid:84566040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702941)"; flow:established,from_client; content:"GET"; http_method; content:"/tv-garden_ver_12.03.apk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"tv-garden-new5.online"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702941/; classtype:trojan-activity;sid:84566041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702926)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"113.218.213.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702926/; classtype:trojan-activity;sid:84566026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702925)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"179.178.40.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702925/; classtype:trojan-activity;sid:84566025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702922)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.28.133.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702922/; classtype:trojan-activity;sid:84566022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702923)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.218.213.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702923/; classtype:trojan-activity;sid:84566023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702915)"; flow:established,from_client; content:"GET"; http_method; content:"/m/downloads/starjoker88.apk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"starjoker88wing.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702915/; classtype:trojan-activity;sid:84566015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702916)"; flow:established,from_client; content:"GET"; http_method; content:"/tiktok18.apk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"goolges-tikitok.sbs"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702916/; classtype:trojan-activity;sid:84566016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702917)"; flow:established,from_client; content:"GET"; http_method; content:"/bbwc/exewcsetup-1.0.0.msi"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"d1z0mfyqx7ypd2.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702917/; classtype:trojan-activity;sid:84566017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702919)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"117.28.133.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702919/; classtype:trojan-activity;sid:84566019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702920)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"58.186.236.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702920/; classtype:trojan-activity;sid:84566020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702914)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.248.175.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702914/; classtype:trojan-activity;sid:84566014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702907)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.178.40.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702907/; classtype:trojan-activity;sid:84566007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702908)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"187.34.86.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702908/; classtype:trojan-activity;sid:84566008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702909)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.34.86.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702909/; classtype:trojan-activity;sid:84566009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702910)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.34.86.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702910/; classtype:trojan-activity;sid:84566010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702911)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"189.152.55.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702911/; classtype:trojan-activity;sid:84566011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702912)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"117.28.133.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702912/; classtype:trojan-activity;sid:84566012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702905)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.248.175.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702905/; classtype:trojan-activity;sid:84566005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702906)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.248.175.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702906/; classtype:trojan-activity;sid:84566006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702901)"; flow:established,from_client; content:"GET"; http_method; content:"/3389.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"46603.cc"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702901/; classtype:trojan-activity;sid:84566001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702894)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.62.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702894/; classtype:trojan-activity;sid:84565994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702893)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.110.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702893/; classtype:trojan-activity;sid:84565993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702892)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.217.91.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702892/; classtype:trojan-activity;sid:84565992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702890)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.116.179.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702890/; classtype:trojan-activity;sid:84565990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702891)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.80.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702891/; classtype:trojan-activity;sid:84565991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702889)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.173.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702889/; classtype:trojan-activity;sid:84565989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702887)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.91.104"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702887/; classtype:trojan-activity;sid:84565987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702886)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.120.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702886/; classtype:trojan-activity;sid:84565986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702884)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.140.174.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702884/; classtype:trojan-activity;sid:84565984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702883)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.198.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702883/; classtype:trojan-activity;sid:84565983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702882)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.198.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702882/; classtype:trojan-activity;sid:84565982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702881)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.74.191.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702881/; classtype:trojan-activity;sid:84565981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702880)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.246.100.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702880/; classtype:trojan-activity;sid:84565980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702879)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.66.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702879/; classtype:trojan-activity;sid:84565979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702878)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.190.203.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702878/; classtype:trojan-activity;sid:84565978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702877)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.120.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702877/; classtype:trojan-activity;sid:84565977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702876)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.57.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702876/; classtype:trojan-activity;sid:84565976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702875)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.33.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702875/; classtype:trojan-activity;sid:84565975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702872)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.198.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702872/; classtype:trojan-activity;sid:84565972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702870)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.6.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702870/; classtype:trojan-activity;sid:84565970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702869)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.61.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702869/; classtype:trojan-activity;sid:84565969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702866)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.34.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702866/; classtype:trojan-activity;sid:84565966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702862)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.110.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702862/; classtype:trojan-activity;sid:84565962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702863)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.216.208.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702863/; classtype:trojan-activity;sid:84565963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702864)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.140.174.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702864/; classtype:trojan-activity;sid:84565964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702865)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.134.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702865/; classtype:trojan-activity;sid:84565965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702860)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.226.192.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702860/; classtype:trojan-activity;sid:84565960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702859)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.13.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702859/; classtype:trojan-activity;sid:84565959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702856)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.62.183.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702856/; classtype:trojan-activity;sid:84565956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702857)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.12.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702857/; classtype:trojan-activity;sid:84565957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702858)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.155.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702858/; classtype:trojan-activity;sid:84565958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702854)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.212.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702854/; classtype:trojan-activity;sid:84565954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702855)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.206.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702855/; classtype:trojan-activity;sid:84565955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702852)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.57.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702852/; classtype:trojan-activity;sid:84565952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702850)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.180.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702850/; classtype:trojan-activity;sid:84565950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702849)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.133.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702849/; classtype:trojan-activity;sid:84565949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702848)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.46.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702848/; classtype:trojan-activity;sid:84565948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702847)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.243.12.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702847/; classtype:trojan-activity;sid:84565947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702844)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.40.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702844/; classtype:trojan-activity;sid:84565944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702842)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.163.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702842/; classtype:trojan-activity;sid:84565942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702840)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.18.14"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702840/; classtype:trojan-activity;sid:84565940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702839)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.176.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702839/; classtype:trojan-activity;sid:84565939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702837)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.243.12.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702837/; classtype:trojan-activity;sid:84565937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702835)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.150.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702835/; classtype:trojan-activity;sid:84565935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702833)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.54.40.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702833/; classtype:trojan-activity;sid:84565933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702832)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.157.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702832/; classtype:trojan-activity;sid:84565932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702830)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.150.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702830/; classtype:trojan-activity;sid:84565930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702831)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.223.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702831/; classtype:trojan-activity;sid:84565931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702829)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.18.14"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702829/; classtype:trojan-activity;sid:84565929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702828)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.176.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702828/; classtype:trojan-activity;sid:84565928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702825)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.224.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702825/; classtype:trojan-activity;sid:84565925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702824)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.61.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702824/; classtype:trojan-activity;sid:84565924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702821)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.157.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702821/; classtype:trojan-activity;sid:84565921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702819)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.53.4.95"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702819/; classtype:trojan-activity;sid:84565919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702818)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.53.4.95"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702818/; classtype:trojan-activity;sid:84565918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702817)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.62.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702817/; classtype:trojan-activity;sid:84565917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702816)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.62.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702816/; classtype:trojan-activity;sid:84565916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702813)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.5.4.160"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702813/; classtype:trojan-activity;sid:84565913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702812)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.121.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702812/; classtype:trojan-activity;sid:84565912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702809)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.4.160"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702809/; classtype:trojan-activity;sid:84565909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702808)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.85.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702808/; classtype:trojan-activity;sid:84565908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702807)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.139.176.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702807/; classtype:trojan-activity;sid:84565907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702805)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.100.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702805/; classtype:trojan-activity;sid:84565905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702804)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.246.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702804/; classtype:trojan-activity;sid:84565904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702803)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.15.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702803/; classtype:trojan-activity;sid:84565903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702801)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.246.146.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702801/; classtype:trojan-activity;sid:84565901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702799)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.138.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702799/; classtype:trojan-activity;sid:84565899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702797)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.31.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702797/; classtype:trojan-activity;sid:84565897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702798)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.200.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702798/; classtype:trojan-activity;sid:84565898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702796)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.100.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702796/; classtype:trojan-activity;sid:84565896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702795)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.133.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702795/; classtype:trojan-activity;sid:84565895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702794)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.246.146.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702794/; classtype:trojan-activity;sid:84565894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702793)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"23.92.130.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702793/; classtype:trojan-activity;sid:84565893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702792)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.3.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702792/; classtype:trojan-activity;sid:84565892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702791)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"23.92.130.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702791/; classtype:trojan-activity;sid:84565891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702790)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.153.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702790/; classtype:trojan-activity;sid:84565890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702787)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.239.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702787/; classtype:trojan-activity;sid:84565887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702786)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.60.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702786/; classtype:trojan-activity;sid:84565886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702785)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.31.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702785/; classtype:trojan-activity;sid:84565885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702783)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8434554557/zibamzm.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702783/; classtype:trojan-activity;sid:84565883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702782)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.60.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702782/; classtype:trojan-activity;sid:84565882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702779)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.69.61.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702779/; classtype:trojan-activity;sid:84565879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702778)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.213.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702778/; classtype:trojan-activity;sid:84565878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702775)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.27.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702775/; classtype:trojan-activity;sid:84565875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702773)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.62.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702773/; classtype:trojan-activity;sid:84565873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702770)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.237.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702770/; classtype:trojan-activity;sid:84565870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702771)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.121.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702771/; classtype:trojan-activity;sid:84565871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702772)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.15.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702772/; classtype:trojan-activity;sid:84565872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702769)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.213.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702769/; classtype:trojan-activity;sid:84565869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702767)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.158.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702767/; classtype:trojan-activity;sid:84565867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702766)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.181.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702766/; classtype:trojan-activity;sid:84565866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702763)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.35.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702763/; classtype:trojan-activity;sid:84565863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702762)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.61.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702762/; classtype:trojan-activity;sid:84565862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702761)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.102.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702761/; classtype:trojan-activity;sid:84565861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702759)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.139.187.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702759/; classtype:trojan-activity;sid:84565859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702760)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.167.230.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702760/; classtype:trojan-activity;sid:84565860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702757)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.56.145.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702757/; classtype:trojan-activity;sid:84565857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702756)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.181.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702756/; classtype:trojan-activity;sid:84565856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702755)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.33.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702755/; classtype:trojan-activity;sid:84565855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702753)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.15.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702753/; classtype:trojan-activity;sid:84565853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702750)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.229.34.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702750/; classtype:trojan-activity;sid:84565850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702747)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.4.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702747/; classtype:trojan-activity;sid:84565847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702748)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.168.233.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702748/; classtype:trojan-activity;sid:84565848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702746)"; flow:established,from_client; content:"GET"; http_method; content:"/dersnotlari/02/sora.jpg"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"www.notbak.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702746/; classtype:trojan-activity;sid:84565846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702741)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.61.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702741/; classtype:trojan-activity;sid:84565841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702742)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.209.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702742/; classtype:trojan-activity;sid:84565842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702743)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.10.90.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702743/; classtype:trojan-activity;sid:84565843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702738)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.61.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702738/; classtype:trojan-activity;sid:84565838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702736)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.93.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702736/; classtype:trojan-activity;sid:84565836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702735)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.231.83.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702735/; classtype:trojan-activity;sid:84565835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702734)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.145.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702734/; classtype:trojan-activity;sid:84565834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702732)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.184.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702732/; classtype:trojan-activity;sid:84565832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702730)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.80.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702730/; classtype:trojan-activity;sid:84565830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702727)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.231.83.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702727/; classtype:trojan-activity;sid:84565827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702726)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.135.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702726/; classtype:trojan-activity;sid:84565826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702725)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.80.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702725/; classtype:trojan-activity;sid:84565825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702724)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.156.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702724/; classtype:trojan-activity;sid:84565824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702721)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.43.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702721/; classtype:trojan-activity;sid:84565821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702720)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.156.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702720/; classtype:trojan-activity;sid:84565820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702719)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.135.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702719/; classtype:trojan-activity;sid:84565819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702718)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.85.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702718/; classtype:trojan-activity;sid:84565818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702716)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"101.99.233.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702716/; classtype:trojan-activity;sid:84565816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702715)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.129.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702715/; classtype:trojan-activity;sid:84565815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702713)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.134.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702713/; classtype:trojan-activity;sid:84565813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702710)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.220.81.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702710/; classtype:trojan-activity;sid:84565810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702707)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.175.209.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702707/; classtype:trojan-activity;sid:84565807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702705)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.110.181.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702705/; classtype:trojan-activity;sid:84565805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702704)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.209.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702704/; classtype:trojan-activity;sid:84565804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702703)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.180.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702703/; classtype:trojan-activity;sid:84565803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702702)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.175.209.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702702/; classtype:trojan-activity;sid:84565802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702701)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.133.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702701/; classtype:trojan-activity;sid:84565801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702700)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.209.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702700/; classtype:trojan-activity;sid:84565800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702699)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.110.181.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702699/; classtype:trojan-activity;sid:84565799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702697)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.99.233.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702697/; classtype:trojan-activity;sid:84565797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702696)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.241.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702696/; classtype:trojan-activity;sid:84565796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702695)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.40.207"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702695/; classtype:trojan-activity;sid:84565795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702694)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.218.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702694/; classtype:trojan-activity;sid:84565794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702693)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.147.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702693/; classtype:trojan-activity;sid:84565793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702692)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.184.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702692/; classtype:trojan-activity;sid:84565792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702691)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.39.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702691/; classtype:trojan-activity;sid:84565791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702690)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.105.0.49"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702690/; classtype:trojan-activity;sid:84565790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702689)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.211.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702689/; classtype:trojan-activity;sid:84565789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702687)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.39.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702687/; classtype:trojan-activity;sid:84565787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702688)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.53.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702688/; classtype:trojan-activity;sid:84565788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702686)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.147.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702686/; classtype:trojan-activity;sid:84565786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702685)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.97.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702685/; classtype:trojan-activity;sid:84565785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702684)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.139.178.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702684/; classtype:trojan-activity;sid:84565784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702683)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.210.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702683/; classtype:trojan-activity;sid:84565783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702682)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.96.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702682/; classtype:trojan-activity;sid:84565782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702681)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.49.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702681/; classtype:trojan-activity;sid:84565781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702680)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.53.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702680/; classtype:trojan-activity;sid:84565780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702679)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.72.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702679/; classtype:trojan-activity;sid:84565779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702678)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.49.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702678/; classtype:trojan-activity;sid:84565778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702676)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.139.178.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702676/; classtype:trojan-activity;sid:84565776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702677)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.100.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702677/; classtype:trojan-activity;sid:84565777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702675)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.107.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702675/; classtype:trojan-activity;sid:84565775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702674)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.225.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702674/; classtype:trojan-activity;sid:84565774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702673)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.66.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702673/; classtype:trojan-activity;sid:84565773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702672)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.30.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702672/; classtype:trojan-activity;sid:84565772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702671)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.225.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702671/; classtype:trojan-activity;sid:84565771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702670)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.89.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702670/; classtype:trojan-activity;sid:84565770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702669)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.108.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702669/; classtype:trojan-activity;sid:84565769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702668)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.33.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702668/; classtype:trojan-activity;sid:84565768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702667)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.150.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702667/; classtype:trojan-activity;sid:84565767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702666)"; flow:established,from_client; content:"GET"; http_method; content:"/fuck/monkeyfucker"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"31.59.138.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702666/; classtype:trojan-activity;sid:84565766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702665)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.100.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702665/; classtype:trojan-activity;sid:84565765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702664)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.182.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702664/; classtype:trojan-activity;sid:84565764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702663)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.33.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702663/; classtype:trojan-activity;sid:84565763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702661)"; flow:established,from_client; content:"GET"; http_method; content:"/njasduiasgdy16742et1g2byewqdxaw/nuklear.x86"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"74.208.166.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702661/; classtype:trojan-activity;sid:84565761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702662)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.30.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702662/; classtype:trojan-activity;sid:84565762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702660)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.202.90.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702660/; classtype:trojan-activity;sid:84565760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702659)"; flow:established,from_client; content:"GET"; http_method; content:"/justice.mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"195.170.172.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702659/; classtype:trojan-activity;sid:84565759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702658)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.202.90.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702658/; classtype:trojan-activity;sid:84565758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702657)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.89.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702657/; classtype:trojan-activity;sid:84565757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702656)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.239.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702656/; classtype:trojan-activity;sid:84565756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702652)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.15.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702652/; classtype:trojan-activity;sid:84565752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702653)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.164.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702653/; classtype:trojan-activity;sid:84565753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702654)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.31.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702654/; classtype:trojan-activity;sid:84565754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702655)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.150.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702655/; classtype:trojan-activity;sid:84565755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702651)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.49.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702651/; classtype:trojan-activity;sid:84565751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702647)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.30.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702647/; classtype:trojan-activity;sid:84565747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702648)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.59.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702648/; classtype:trojan-activity;sid:84565748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702649)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.255.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702649/; classtype:trojan-activity;sid:84565749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702650)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.255.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702650/; classtype:trojan-activity;sid:84565750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702644)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.74.82.187"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702644/; classtype:trojan-activity;sid:84565744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702645)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.38.208.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702645/; classtype:trojan-activity;sid:84565745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702646)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.209.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702646/; classtype:trojan-activity;sid:84565746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702643)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.217.91.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702643/; classtype:trojan-activity;sid:84565743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702642)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.74.27"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702642/; classtype:trojan-activity;sid:84565742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702641)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.148.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702641/; classtype:trojan-activity;sid:84565741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702640)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.140.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702640/; classtype:trojan-activity;sid:84565740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702639)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.34.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702639/; classtype:trojan-activity;sid:84565739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702638)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.28.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702638/; classtype:trojan-activity;sid:84565738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702637)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"138.255.176.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702637/; classtype:trojan-activity;sid:84565737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702636)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.86.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702636/; classtype:trojan-activity;sid:84565736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702635)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.74.27"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702635/; classtype:trojan-activity;sid:84565735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702633)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.148.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702633/; classtype:trojan-activity;sid:84565733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702634)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.200.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702634/; classtype:trojan-activity;sid:84565734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702632)"; flow:established,from_client; content:"GET"; http_method; content:"/pgb4losc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"f5.night-bloom.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702632/; classtype:trojan-activity;sid:84565732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702631)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.136.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702631/; classtype:trojan-activity;sid:84565731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702630)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.175.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702630/; classtype:trojan-activity;sid:84565730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702629)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"138.255.176.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702629/; classtype:trojan-activity;sid:84565729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702628)"; flow:established,from_client; content:"GET"; http_method; content:"/mr1gatmx"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"glade.night-bloom.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702628/; classtype:trojan-activity;sid:84565728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702627)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.37.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702627/; classtype:trojan-activity;sid:84565727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702626)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.188.71.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702626/; classtype:trojan-activity;sid:84565726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702625)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.79.80.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702625/; classtype:trojan-activity;sid:84565725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702624)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6075866260/x9heezy.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702624/; classtype:trojan-activity;sid:84565724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702623)"; flow:established,from_client; content:"GET"; http_method; content:"/9n75cpdd"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"0ti.night-bloom.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702623/; classtype:trojan-activity;sid:84565723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702622)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.133.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702622/; classtype:trojan-activity;sid:84565722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702621)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.75.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702621/; classtype:trojan-activity;sid:84565721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702620)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.175.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702620/; classtype:trojan-activity;sid:84565720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702619)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.130.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702619/; classtype:trojan-activity;sid:84565719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702618)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.136.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702618/; classtype:trojan-activity;sid:84565718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702617)"; flow:established,from_client; content:"GET"; http_method; content:"/bq81zw3d"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ember.sh4d0wmere.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702617/; classtype:trojan-activity;sid:84565717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702616)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.243.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702616/; classtype:trojan-activity;sid:84565716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702615)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.39.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702615/; classtype:trojan-activity;sid:84565715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702614)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.79.80.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702614/; classtype:trojan-activity;sid:84565714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702613)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.62.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702613/; classtype:trojan-activity;sid:84565713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702611)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"122.226.139.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702611/; classtype:trojan-activity;sid:84565711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702612)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.175.29.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702612/; classtype:trojan-activity;sid:84565712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702610)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.238.57.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702610/; classtype:trojan-activity;sid:84565710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702609)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.121.182.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702609/; classtype:trojan-activity;sid:84565709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702607)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.239.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702607/; classtype:trojan-activity;sid:84565707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702608)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"39.152.114.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702608/; classtype:trojan-activity;sid:84565708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702606)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.130.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702606/; classtype:trojan-activity;sid:84565706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702605)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.56.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702605/; classtype:trojan-activity;sid:84565705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702604)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.218.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702604/; classtype:trojan-activity;sid:84565704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702603)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.159.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702603/; classtype:trojan-activity;sid:84565703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702602)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_linux_arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.192.99.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702602/; classtype:trojan-activity;sid:84565702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702601)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_linux_arm64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.192.99.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702601/; classtype:trojan-activity;sid:84565701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702600)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_linux_386"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.192.99.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702600/; classtype:trojan-activity;sid:84565700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702599)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_linux_amd64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.192.99.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702599/; classtype:trojan-activity;sid:84565699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702598)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.39.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702598/; classtype:trojan-activity;sid:84565698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702597)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.172.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702597/; classtype:trojan-activity;sid:84565697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702595)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/mpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"9zs.my"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702595/; classtype:trojan-activity;sid:84565695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702596)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/sh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"9zs.my"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702596/; classtype:trojan-activity;sid:84565696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702594)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/mips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"9zs.my"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702594/; classtype:trojan-activity;sid:84565694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702593)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/x86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"9zs.my"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702593/; classtype:trojan-activity;sid:84565693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702592)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/m68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"9zs.my"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702592/; classtype:trojan-activity;sid:84565692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702591)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/armv5l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"9zs.my"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702591/; classtype:trojan-activity;sid:84565691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702587)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/ppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"9zs.my"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702587/; classtype:trojan-activity;sid:84565687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702588)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/armv4l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"9zs.my"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702588/; classtype:trojan-activity;sid:84565688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702589)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/spc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"9zs.my"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702589/; classtype:trojan-activity;sid:84565689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702590)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/armv6l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"9zs.my"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702590/; classtype:trojan-activity;sid:84565690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702586)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.13.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702586/; classtype:trojan-activity;sid:84565686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702585)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.154.172.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702585/; classtype:trojan-activity;sid:84565685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702584)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.mortex.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702584/; classtype:trojan-activity;sid:84565684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702583)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702583/; classtype:trojan-activity;sid:84565683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702580)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.spc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"mortex.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702580/; classtype:trojan-activity;sid:84565680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702581)"; flow:established,from_client; content:"GET"; http_method; content:"/debug"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"www.mortex.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702581/; classtype:trojan-activity;sid:84565681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702582)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/1.sh"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"sharp-montalcini.196-251-72-110.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702582/; classtype:trojan-activity;sid:84565682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702578)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mortex.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702578/; classtype:trojan-activity;sid:84565678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702579)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"www.mortex.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702579/; classtype:trojan-activity;sid:84565679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702573)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.133.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702573/; classtype:trojan-activity;sid:84565673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702574)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mips"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"www.mortex.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702574/; classtype:trojan-activity;sid:84565674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702575)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.i686"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mortex.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702575/; classtype:trojan-activity;sid:84565675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702576)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.mortex.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702576/; classtype:trojan-activity;sid:84565676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702577)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm5"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"www.teamc2.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702577/; classtype:trojan-activity;sid:84565677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702566)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.spc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"hgame33.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702566/; classtype:trojan-activity;sid:84565666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702567)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"www.mortex.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702567/; classtype:trojan-activity;sid:84565667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702568)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.m68k"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"roi-en.info"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702568/; classtype:trojan-activity;sid:84565668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702569)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.ppc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"www.mortex.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702569/; classtype:trojan-activity;sid:84565669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702570)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86_64"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"www.mortex.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702570/; classtype:trojan-activity;sid:84565670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702571)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.i686"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.mortex.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702571/; classtype:trojan-activity;sid:84565671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702572)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/debug"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.hgame33.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702572/; classtype:trojan-activity;sid:84565672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702563)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.sh4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"mortex.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702563/; classtype:trojan-activity;sid:84565663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702564)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.mpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mortex.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702564/; classtype:trojan-activity;sid:84565664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702565)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/debug"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"mortex.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702565/; classtype:trojan-activity;sid:84565665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702562)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i686"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"mortex.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702562/; classtype:trojan-activity;sid:84565662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702561)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/debug"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.teamc2.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702561/; classtype:trojan-activity;sid:84565661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702559)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.mpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.mortex.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702559/; classtype:trojan-activity;sid:84565659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702560)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mortex.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702560/; classtype:trojan-activity;sid:84565660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702553)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mortex.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702553/; classtype:trojan-activity;sid:84565653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702554)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"www.mortex.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702554/; classtype:trojan-activity;sid:84565654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702555)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/debug"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.mortex.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702555/; classtype:trojan-activity;sid:84565655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702556)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"www.teamc2.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702556/; classtype:trojan-activity;sid:84565656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702557)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.mortex.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702557/; classtype:trojan-activity;sid:84565657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702558)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.ppc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"www.teamc2.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702558/; classtype:trojan-activity;sid:84565658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702548)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7799503374/oemrgz9.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702548/; classtype:trojan-activity;sid:84565648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702549)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"mortex.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702549/; classtype:trojan-activity;sid:84565649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702550)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mips"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"mortex.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702550/; classtype:trojan-activity;sid:84565650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702551)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.teamc2.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702551/; classtype:trojan-activity;sid:84565651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702552)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"mortex.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702552/; classtype:trojan-activity;sid:84565652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702547)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i686"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"www.mortex.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702547/; classtype:trojan-activity;sid:84565647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702544)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.mortex.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702544/; classtype:trojan-activity;sid:84565644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702545)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"www.teamc2.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702545/; classtype:trojan-activity;sid:84565645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702546)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.ppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"mortex.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702546/; classtype:trojan-activity;sid:84565646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702543)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mpsl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"www.mortex.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702543/; classtype:trojan-activity;sid:84565643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702539)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86_64"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"mortex.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702539/; classtype:trojan-activity;sid:84565639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702540)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"mortex.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702540/; classtype:trojan-activity;sid:84565640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702541)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.spc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"www.teamc2.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702541/; classtype:trojan-activity;sid:84565641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702542)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i686"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"www.teamc2.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702542/; classtype:trojan-activity;sid:84565642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702537)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.x86_64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.mortex.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702537/; classtype:trojan-activity;sid:84565637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702538)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.i686"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.teamc2.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702538/; classtype:trojan-activity;sid:84565638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702535)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.ppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.teamc2.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702535/; classtype:trojan-activity;sid:84565635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702536)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.teamc2.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702536/; classtype:trojan-activity;sid:84565636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702534)"; flow:established,from_client; content:"GET"; http_method; content:"/debug"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"www.teamc2.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702534/; classtype:trojan-activity;sid:84565634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702531)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/1.sh"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"draft21.redirectme.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702531/; classtype:trojan-activity;sid:84565631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702532)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.x86_64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.teamc2.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702532/; classtype:trojan-activity;sid:84565632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702533)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86_64"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"www.teamc2.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702533/; classtype:trojan-activity;sid:84565633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702527)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.spc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702527/; classtype:trojan-activity;sid:84565627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702528)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.sh4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"www.mortex.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702528/; classtype:trojan-activity;sid:84565628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702529)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mortex.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702529/; classtype:trojan-activity;sid:84565629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702530)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.x86_64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mortex.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702530/; classtype:trojan-activity;sid:84565630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702523)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.spc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.teamc2.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702523/; classtype:trojan-activity;sid:84565623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702524)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.teamc2.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702524/; classtype:trojan-activity;sid:84565624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702525)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/1.sh"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hgame33.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702525/; classtype:trojan-activity;sid:84565625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702526)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.mpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.teamc2.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702526/; classtype:trojan-activity;sid:84565626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702521)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mips"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"www.teamc2.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702521/; classtype:trojan-activity;sid:84565621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702522)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.m68k"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"mortex.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702522/; classtype:trojan-activity;sid:84565622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702520)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.arc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.teamc2.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702520/; classtype:trojan-activity;sid:84565620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702516)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.ppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.mortex.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702516/; classtype:trojan-activity;sid:84565616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702517)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.teamc2.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702517/; classtype:trojan-activity;sid:84565617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702518)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.sh4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"www.teamc2.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702518/; classtype:trojan-activity;sid:84565618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702519)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.mortex.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702519/; classtype:trojan-activity;sid:84565619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702512)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.m68k"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"www.teamc2.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702512/; classtype:trojan-activity;sid:84565612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702513)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"www.mortex.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702513/; classtype:trojan-activity;sid:84565613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702514)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.teamc2.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702514/; classtype:trojan-activity;sid:84565614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702515)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.mortex.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702515/; classtype:trojan-activity;sid:84565615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702506)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702506/; classtype:trojan-activity;sid:84565606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702507)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.mortex.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702507/; classtype:trojan-activity;sid:84565607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702508)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"www.teamc2.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702508/; classtype:trojan-activity;sid:84565608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702509)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.m68k"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"sharp-montalcini.196-251-72-110.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702509/; classtype:trojan-activity;sid:84565609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702510)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.mortex.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702510/; classtype:trojan-activity;sid:84565610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702511)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.spc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"www.mortex.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702511/; classtype:trojan-activity;sid:84565611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702505)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"www.mortex.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702505/; classtype:trojan-activity;sid:84565605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702500)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"mortex.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702500/; classtype:trojan-activity;sid:84565600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702501)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.teamc2.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702501/; classtype:trojan-activity;sid:84565601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702502)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"mortex.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702502/; classtype:trojan-activity;sid:84565602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702503)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mortex.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702503/; classtype:trojan-activity;sid:84565603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702504)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"www.teamc2.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702504/; classtype:trojan-activity;sid:84565604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702498)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.ppc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"mortex.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702498/; classtype:trojan-activity;sid:84565598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702499)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm5"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"www.mortex.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702499/; classtype:trojan-activity;sid:84565599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702493)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.m68k"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"www.mortex.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702493/; classtype:trojan-activity;sid:84565593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702494)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.spc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"mortex.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702494/; classtype:trojan-activity;sid:84565594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702495)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mpsl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"www.teamc2.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702495/; classtype:trojan-activity;sid:84565595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702496)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mpsl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"mortex.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702496/; classtype:trojan-activity;sid:84565596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702497)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"www.teamc2.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702497/; classtype:trojan-activity;sid:84565597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702491)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.arc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.mortex.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702491/; classtype:trojan-activity;sid:84565591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702492)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.arc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"mortex.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702492/; classtype:trojan-activity;sid:84565592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702490)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.218.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702490/; classtype:trojan-activity;sid:84565590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702489)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.teamc2.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702489/; classtype:trojan-activity;sid:84565589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702487)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"www.teamc2.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702487/; classtype:trojan-activity;sid:84565587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702488)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm5"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"www.hgame33.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702488/; classtype:trojan-activity;sid:84565588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702484)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/1.sh"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"roi-en.info"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702484/; classtype:trojan-activity;sid:84565584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702485)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/1.sh"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"www.hgame33.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702485/; classtype:trojan-activity;sid:84565585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702486)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"mortex.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702486/; classtype:trojan-activity;sid:84565586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702481)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"mortex.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702481/; classtype:trojan-activity;sid:84565581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702482)"; flow:established,from_client; content:"GET"; http_method; content:"/debug"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"mortex.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702482/; classtype:trojan-activity;sid:84565582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702483)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm5"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"mortex.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702483/; classtype:trojan-activity;sid:84565583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702479)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mortex.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702479/; classtype:trojan-activity;sid:84565579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702480)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.teamc2.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702480/; classtype:trojan-activity;sid:84565580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702476)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"mortex.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702476/; classtype:trojan-activity;sid:84565576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702477)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.spc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.mortex.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702477/; classtype:trojan-activity;sid:84565577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702478)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"www.mortex.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702478/; classtype:trojan-activity;sid:84565578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702475)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6589084083/mca4srr.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702475/; classtype:trojan-activity;sid:84565575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702472)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"roi-en.info"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702472/; classtype:trojan-activity;sid:84565572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702473)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"www.hgame33.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702473/; classtype:trojan-activity;sid:84565573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702474)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i686"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"sharp-montalcini.196-251-72-110.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702474/; classtype:trojan-activity;sid:84565574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702471)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"sharp-montalcini.196-251-72-110.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702471/; classtype:trojan-activity;sid:84565571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702470)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mpsl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"sharp-montalcini.196-251-72-110.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702470/; classtype:trojan-activity;sid:84565570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702469)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"hgame33.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702469/; classtype:trojan-activity;sid:84565569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702460)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.ppc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"hgame33.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702460/; classtype:trojan-activity;sid:84565560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702461)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.sh4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"roi-en.info"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702461/; classtype:trojan-activity;sid:84565561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702462)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.sh4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"www.hgame33.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702462/; classtype:trojan-activity;sid:84565562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702463)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"hgame33.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702463/; classtype:trojan-activity;sid:84565563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702464)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86_64"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"www.hgame33.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702464/; classtype:trojan-activity;sid:84565564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702465)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/debug"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"sharp-montalcini.196-251-72-110.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702465/; classtype:trojan-activity;sid:84565565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702466)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.sh4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"sharp-montalcini.196-251-72-110.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702466/; classtype:trojan-activity;sid:84565566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702467)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.spc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"roi-en.info"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702467/; classtype:trojan-activity;sid:84565567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702468)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"www.hgame33.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702468/; classtype:trojan-activity;sid:84565568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702453)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.ppc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"draft21.redirectme.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702453/; classtype:trojan-activity;sid:84565553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702454)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"draft21.redirectme.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702454/; classtype:trojan-activity;sid:84565554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702455)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"roi-en.info"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702455/; classtype:trojan-activity;sid:84565555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702456)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm5"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"hgame33.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702456/; classtype:trojan-activity;sid:84565556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702457)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mpsl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"roi-en.info"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702457/; classtype:trojan-activity;sid:84565557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702458)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"www.hgame33.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702458/; classtype:trojan-activity;sid:84565558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702459)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mpsl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"draft21.redirectme.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702459/; classtype:trojan-activity;sid:84565559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702447)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"hgame33.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702447/; classtype:trojan-activity;sid:84565547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702448)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"roi-en.info"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702448/; classtype:trojan-activity;sid:84565548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702449)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86_64"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"sharp-montalcini.196-251-72-110.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702449/; classtype:trojan-activity;sid:84565549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702450)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"draft21.redirectme.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702450/; classtype:trojan-activity;sid:84565550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702451)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.ppc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"sharp-montalcini.196-251-72-110.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702451/; classtype:trojan-activity;sid:84565551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702452)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mips"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"roi-en.info"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702452/; classtype:trojan-activity;sid:84565552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702442)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.spc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"sharp-montalcini.196-251-72-110.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702442/; classtype:trojan-activity;sid:84565542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702443)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"www.hgame33.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702443/; classtype:trojan-activity;sid:84565543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702444)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mpsl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"hgame33.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702444/; classtype:trojan-activity;sid:84565544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702445)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.spc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"draft21.redirectme.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702445/; classtype:trojan-activity;sid:84565545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702446)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mpsl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"www.hgame33.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702446/; classtype:trojan-activity;sid:84565546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702440)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"sharp-montalcini.196-251-72-110.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702440/; classtype:trojan-activity;sid:84565540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702441)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.sh4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"hgame33.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702441/; classtype:trojan-activity;sid:84565541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702438)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm5"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"roi-en.info"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702438/; classtype:trojan-activity;sid:84565538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702439)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86_64"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"draft21.redirectme.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702439/; classtype:trojan-activity;sid:84565539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702437)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.m68k"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"hgame33.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702437/; classtype:trojan-activity;sid:84565537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702431)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i686"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"hgame33.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702431/; classtype:trojan-activity;sid:84565531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702432)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"www.hgame33.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702432/; classtype:trojan-activity;sid:84565532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702433)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.m68k"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"www.hgame33.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702433/; classtype:trojan-activity;sid:84565533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702434)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"roi-en.info"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702434/; classtype:trojan-activity;sid:84565534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702435)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mips"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"sharp-montalcini.196-251-72-110.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702435/; classtype:trojan-activity;sid:84565535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702436)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"sharp-montalcini.196-251-72-110.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702436/; classtype:trojan-activity;sid:84565536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702425)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"draft21.redirectme.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702425/; classtype:trojan-activity;sid:84565525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702426)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.sh4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"draft21.redirectme.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702426/; classtype:trojan-activity;sid:84565526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702427)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"sharp-montalcini.196-251-72-110.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702427/; classtype:trojan-activity;sid:84565527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702428)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i686"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"www.hgame33.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702428/; classtype:trojan-activity;sid:84565528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702429)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/debug"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"roi-en.info"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702429/; classtype:trojan-activity;sid:84565529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702430)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.ppc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"roi-en.info"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702430/; classtype:trojan-activity;sid:84565530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702423)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"sharp-montalcini.196-251-72-110.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702423/; classtype:trojan-activity;sid:84565523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702424)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"hgame33.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702424/; classtype:trojan-activity;sid:84565524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702412)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86_64"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"hgame33.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702412/; classtype:trojan-activity;sid:84565512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702413)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i686"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"roi-en.info"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702413/; classtype:trojan-activity;sid:84565513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702414)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mips"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"www.hgame33.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702414/; classtype:trojan-activity;sid:84565514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702415)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.153.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702415/; classtype:trojan-activity;sid:84565515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702416)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i686"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"draft21.redirectme.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702416/; classtype:trojan-activity;sid:84565516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702417)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"draft21.redirectme.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702417/; classtype:trojan-activity;sid:84565517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702418)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.m68k"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"draft21.redirectme.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702418/; classtype:trojan-activity;sid:84565518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702419)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm5"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"draft21.redirectme.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702419/; classtype:trojan-activity;sid:84565519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702420)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"draft21.redirectme.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702420/; classtype:trojan-activity;sid:84565520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702421)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86_64"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"roi-en.info"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702421/; classtype:trojan-activity;sid:84565521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702422)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mips"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"draft21.redirectme.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702422/; classtype:trojan-activity;sid:84565522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702411)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/debug"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"draft21.redirectme.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702411/; classtype:trojan-activity;sid:84565511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702405)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.ppc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"www.hgame33.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702405/; classtype:trojan-activity;sid:84565505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702406)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/debug"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"hgame33.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702406/; classtype:trojan-activity;sid:84565506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702407)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.spc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"www.hgame33.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702407/; classtype:trojan-activity;sid:84565507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702408)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"hgame33.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702408/; classtype:trojan-activity;sid:84565508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702409)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"roi-en.info"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702409/; classtype:trojan-activity;sid:84565509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702410)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mips"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"hgame33.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702410/; classtype:trojan-activity;sid:84565510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702404)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm5"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"sharp-montalcini.196-251-72-110.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702404/; classtype:trojan-activity;sid:84565504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702403)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"objective-darwin.196-251-116-84.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702403/; classtype:trojan-activity;sid:84565503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702402)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"objective-darwin.196-251-116-84.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702402/; classtype:trojan-activity;sid:84565502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702400)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.232.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702400/; classtype:trojan-activity;sid:84565500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702401)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.56.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702401/; classtype:trojan-activity;sid:84565501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702399)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.83.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702399/; classtype:trojan-activity;sid:84565499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702398)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"objective-darwin.196-251-116-84.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702398/; classtype:trojan-activity;sid:84565498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702396)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"objective-darwin.196-251-116-84.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702396/; classtype:trojan-activity;sid:84565496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702397)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"objective-darwin.196-251-116-84.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702397/; classtype:trojan-activity;sid:84565497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702395)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"objective-darwin.196-251-116-84.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702395/; classtype:trojan-activity;sid:84565495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702394)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"objective-darwin.196-251-116-84.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702394/; classtype:trojan-activity;sid:84565494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702393)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"objective-darwin.196-251-116-84.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702393/; classtype:trojan-activity;sid:84565493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702392)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"objective-darwin.196-251-116-84.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702392/; classtype:trojan-activity;sid:84565492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702391)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"objective-darwin.196-251-116-84.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702391/; classtype:trojan-activity;sid:84565491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702388)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"objective-darwin.196-251-116-84.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702388/; classtype:trojan-activity;sid:84565488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702389)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"objective-darwin.196-251-116-84.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702389/; classtype:trojan-activity;sid:84565489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702390)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"objective-darwin.196-251-116-84.plesk.page"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702390/; classtype:trojan-activity;sid:84565490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702387)"; flow:established,from_client; content:"GET"; http_method; content:"/peculiar_advertisement.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"185.208.156.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702387/; classtype:trojan-activity;sid:84565487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702386)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.153.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702386/; classtype:trojan-activity;sid:84565486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702385)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.83.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702385/; classtype:trojan-activity;sid:84565485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702384)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/camp.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.176.94.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702384/; classtype:trojan-activity;sid:84565484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702383)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/camp.i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.176.94.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702383/; classtype:trojan-activity;sid:84565483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702382)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/camp.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.176.94.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702382/; classtype:trojan-activity;sid:84565482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702377)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/camp.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.176.94.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702377/; classtype:trojan-activity;sid:84565477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702378)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/camp.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.176.94.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702378/; classtype:trojan-activity;sid:84565478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702379)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/camp.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.176.94.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702379/; classtype:trojan-activity;sid:84565479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702380)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/camp.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.176.94.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702380/; classtype:trojan-activity;sid:84565480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702381)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/camp.arc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.176.94.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702381/; classtype:trojan-activity;sid:84565481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702374)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/camp.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.176.94.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702374/; classtype:trojan-activity;sid:84565474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702375)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/camp.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.176.94.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702375/; classtype:trojan-activity;sid:84565475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702376)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/camp.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.176.94.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702376/; classtype:trojan-activity;sid:84565476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702371)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/camp.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.176.94.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702371/; classtype:trojan-activity;sid:84565471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702372)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/camp.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.176.94.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702372/; classtype:trojan-activity;sid:84565472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702373)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/camp.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.176.94.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702373/; classtype:trojan-activity;sid:84565473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702370)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.19.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702370/; classtype:trojan-activity;sid:84565470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702369)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.93.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702369/; classtype:trojan-activity;sid:84565469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702368)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"sigdalokanolkas.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702368/; classtype:trojan-activity;sid:84565468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702367)"; flow:established,from_client; content:"GET"; http_method; content:"/pl.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"botnet.hqdata.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702367/; classtype:trojan-activity;sid:84565467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702366)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"botnet.hqdata.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702366/; classtype:trojan-activity;sid:84565466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702363)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"botnet.hqdata.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702363/; classtype:trojan-activity;sid:84565463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702364)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"botnet.hqdata.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702364/; classtype:trojan-activity;sid:84565464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702365)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"botnet.hqdata.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702365/; classtype:trojan-activity;sid:84565465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702361)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"botnet.hqdata.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702361/; classtype:trojan-activity;sid:84565461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702362)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"botnet.hqdata.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702362/; classtype:trojan-activity;sid:84565462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702357)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"botnet.hqdata.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702357/; classtype:trojan-activity;sid:84565457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702358)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"botnet.hqdata.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702358/; classtype:trojan-activity;sid:84565458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702359)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"botnet.hqdata.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702359/; classtype:trojan-activity;sid:84565459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702360)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"botnet.hqdata.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702360/; classtype:trojan-activity;sid:84565460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702356)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"botnet.hqdata.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702356/; classtype:trojan-activity;sid:84565456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702355)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"160.30.136.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702355/; classtype:trojan-activity;sid:84565455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702347)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.30.136.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702347/; classtype:trojan-activity;sid:84565447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702348)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"160.30.136.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702348/; classtype:trojan-activity;sid:84565448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702349)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"160.30.136.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702349/; classtype:trojan-activity;sid:84565449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702350)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.30.136.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702350/; classtype:trojan-activity;sid:84565450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702351)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"160.30.136.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702351/; classtype:trojan-activity;sid:84565451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702352)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.30.136.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702352/; classtype:trojan-activity;sid:84565452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702353)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.30.136.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702353/; classtype:trojan-activity;sid:84565453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702354)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.30.136.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702354/; classtype:trojan-activity;sid:84565454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702346)"; flow:established,from_client; content:"GET"; http_method; content:"/pl.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"160.30.136.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702346/; classtype:trojan-activity;sid:84565446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702345)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.66.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702345/; classtype:trojan-activity;sid:84565445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702344)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.232.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702344/; classtype:trojan-activity;sid:84565444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702343)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"asdad.florpeter.xyz"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702343/; classtype:trojan-activity;sid:84565443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702342)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/film/video.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"151.73.56.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702342/; classtype:trojan-activity;sid:84565442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702341)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/video.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"151.73.56.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702341/; classtype:trojan-activity;sid:84565441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702340)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/film/video.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"151.73.56.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702340/; classtype:trojan-activity;sid:84565440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702339)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/photo.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"151.73.56.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702339/; classtype:trojan-activity;sid:84565439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702338)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.19.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702338/; classtype:trojan-activity;sid:84565438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702336)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.103.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702336/; classtype:trojan-activity;sid:84565436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702337)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.200.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702337/; classtype:trojan-activity;sid:84565437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702335)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/av.scr"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"151.73.56.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702335/; classtype:trojan-activity;sid:84565435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702334)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/film/av.scr"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"151.73.56.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702334/; classtype:trojan-activity;sid:84565434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702333)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/film/photo.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"151.73.56.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702333/; classtype:trojan-activity;sid:84565433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702330)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5917492177/y3nkmht.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702330/; classtype:trojan-activity;sid:84565430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702331)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/photo.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"151.73.56.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702331/; classtype:trojan-activity;sid:84565431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702332)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7105790467/lvm9f63.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702332/; classtype:trojan-activity;sid:84565432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702326)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/film/av.lnk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"151.73.56.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702326/; classtype:trojan-activity;sid:84565426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702327)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/film/photo.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"151.73.56.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702327/; classtype:trojan-activity;sid:84565427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702328)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/video.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"151.73.56.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702328/; classtype:trojan-activity;sid:84565428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702329)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/av.lnk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"151.73.56.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702329/; classtype:trojan-activity;sid:84565429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702320)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"156.231.113.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702320/; classtype:trojan-activity;sid:84565420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702321)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"asdad.florpeter.xyz"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702321/; classtype:trojan-activity;sid:84565421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702322)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"156.231.113.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702322/; classtype:trojan-activity;sid:84565422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702323)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.59.61.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702323/; classtype:trojan-activity;sid:84565423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702324)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"asdad.florpeter.xyz"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702324/; classtype:trojan-activity;sid:84565424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702325)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"asdad.florpeter.xyz"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702325/; classtype:trojan-activity;sid:84565425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702310)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.160.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702310/; classtype:trojan-activity;sid:84565410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702311)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"156.231.113.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702311/; classtype:trojan-activity;sid:84565411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702312)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"156.231.113.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702312/; classtype:trojan-activity;sid:84565412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702313)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.103.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702313/; classtype:trojan-activity;sid:84565413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702314)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"156.231.113.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702314/; classtype:trojan-activity;sid:84565414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702315)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"156.231.113.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702315/; classtype:trojan-activity;sid:84565415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702316)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"156.231.113.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702316/; classtype:trojan-activity;sid:84565416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702317)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"156.231.113.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702317/; classtype:trojan-activity;sid:84565417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702318)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"156.231.113.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702318/; classtype:trojan-activity;sid:84565418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702319)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"asdad.florpeter.xyz"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702319/; classtype:trojan-activity;sid:84565419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702308)"; flow:established,from_client; content:"GET"; http_method; content:"/windyluvexecutor/executor.arm6"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"windyy.qzz.io"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702308/; classtype:trojan-activity;sid:84565408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702309)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.6.9.146"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702309/; classtype:trojan-activity;sid:84565409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702306)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"asdad.florpeter.xyz"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702306/; classtype:trojan-activity;sid:84565406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702307)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"asdad.florpeter.xyz"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702307/; classtype:trojan-activity;sid:84565407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702302)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"asdad.florpeter.xyz"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702302/; classtype:trojan-activity;sid:84565402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702303)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"asdad.florpeter.xyz"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702303/; classtype:trojan-activity;sid:84565403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702304)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"asdad.florpeter.xyz"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702304/; classtype:trojan-activity;sid:84565404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702305)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"asdad.florpeter.xyz"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702305/; classtype:trojan-activity;sid:84565405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702300)"; flow:established,from_client; content:"GET"; http_method; content:"/windyluvexecutor/executor.arm"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"windyy.qzz.io"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702300/; classtype:trojan-activity;sid:84565400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702301)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5917492177/zluqke7.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702301/; classtype:trojan-activity;sid:84565401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702299)"; flow:established,from_client; content:"GET"; http_method; content:"/windyluvexecutor/executor.mips"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"windyy.qzz.io"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702299/; classtype:trojan-activity;sid:84565399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702297)"; flow:established,from_client; content:"GET"; http_method; content:"/windyluvexecutor/executor.ppc"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"windyy.qzz.io"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702297/; classtype:trojan-activity;sid:84565397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702298)"; flow:established,from_client; content:"GET"; http_method; content:"/windyluvexecutor/executor.arm64"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"windyy.qzz.io"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702298/; classtype:trojan-activity;sid:84565398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702291)"; flow:established,from_client; content:"GET"; http_method; content:"/windyluvexecutor/executor.i686"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"windyy.qzz.io"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702291/; classtype:trojan-activity;sid:84565391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702292)"; flow:established,from_client; content:"GET"; http_method; content:"/windyluvexecutor/executor.spc"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"windyy.qzz.io"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702292/; classtype:trojan-activity;sid:84565392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702293)"; flow:established,from_client; content:"GET"; http_method; content:"/windyluvexecutor/executor.mpsl"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"windyy.qzz.io"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702293/; classtype:trojan-activity;sid:84565393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702294)"; flow:established,from_client; content:"GET"; http_method; content:"/windyluvexecutor/executor.x86_64"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"windyy.qzz.io"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702294/; classtype:trojan-activity;sid:84565394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702295)"; flow:established,from_client; content:"GET"; http_method; content:"/windyluvexecutor/executor.arm7"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"windyy.qzz.io"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702295/; classtype:trojan-activity;sid:84565395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702296)"; flow:established,from_client; content:"GET"; http_method; content:"/windyluvexecutor/executor.sh4"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"windyy.qzz.io"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702296/; classtype:trojan-activity;sid:84565396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702288)"; flow:established,from_client; content:"GET"; http_method; content:"/windyluvexecutor/executor.arm5"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"windyy.qzz.io"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702288/; classtype:trojan-activity;sid:84565388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702289)"; flow:established,from_client; content:"GET"; http_method; content:"/windyluvexecutor/executor.arc"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"windyy.qzz.io"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702289/; classtype:trojan-activity;sid:84565389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702290)"; flow:established,from_client; content:"GET"; http_method; content:"/windyluvexecutor/executor.x86"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"windyy.qzz.io"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702290/; classtype:trojan-activity;sid:84565390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702287)"; flow:established,from_client; content:"GET"; http_method; content:"/windyluvexecutor/executor.m68k"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"windyy.qzz.io"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702287/; classtype:trojan-activity;sid:84565387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702286)"; flow:established,from_client; content:"GET"; http_method; content:"/trc/trc.arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"kidsrun.vrace.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702286/; classtype:trojan-activity;sid:84565386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702283)"; flow:established,from_client; content:"GET"; http_method; content:"/trc/trc.sh4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"kidsrun.vrace.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702283/; classtype:trojan-activity;sid:84565383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702284)"; flow:established,from_client; content:"GET"; http_method; content:"/trc/trc.spc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"kidsrun.vrace.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702284/; classtype:trojan-activity;sid:84565384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702285)"; flow:established,from_client; content:"GET"; http_method; content:"/trc/trc.mpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"kidsrun.vrace.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702285/; classtype:trojan-activity;sid:84565385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702279)"; flow:established,from_client; content:"GET"; http_method; content:"/trc/trc.arm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"kidsrun.vrace.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702279/; classtype:trojan-activity;sid:84565379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702280)"; flow:established,from_client; content:"GET"; http_method; content:"/trc/trc.m68k"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"kidsrun.vrace.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702280/; classtype:trojan-activity;sid:84565380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702281)"; flow:established,from_client; content:"GET"; http_method; content:"/trc/trc.arm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"kidsrun.vrace.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702281/; classtype:trojan-activity;sid:84565381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702282)"; flow:established,from_client; content:"GET"; http_method; content:"/trc/trc.ppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"kidsrun.vrace.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702282/; classtype:trojan-activity;sid:84565382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702276)"; flow:established,from_client; content:"GET"; http_method; content:"/trc/trc.mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"kidsrun.vrace.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702276/; classtype:trojan-activity;sid:84565376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702277)"; flow:established,from_client; content:"GET"; http_method; content:"/trc/trc.x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"kidsrun.vrace.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702277/; classtype:trojan-activity;sid:84565377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702278)"; flow:established,from_client; content:"GET"; http_method; content:"/trc/trc.arm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"kidsrun.vrace.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702278/; classtype:trojan-activity;sid:84565378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702275)"; flow:established,from_client; content:"GET"; http_method; content:"/trc/trc.m68k"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702275/; classtype:trojan-activity;sid:84565375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702274)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.59.61.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702274/; classtype:trojan-activity;sid:84565374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702266)"; flow:established,from_client; content:"GET"; http_method; content:"/trc/trc.arm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702266/; classtype:trojan-activity;sid:84565366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702267)"; flow:established,from_client; content:"GET"; http_method; content:"/trc/trc.sh4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702267/; classtype:trojan-activity;sid:84565367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702268)"; flow:established,from_client; content:"GET"; http_method; content:"/trc/trc.x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702268/; classtype:trojan-activity;sid:84565368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702269)"; flow:established,from_client; content:"GET"; http_method; content:"/trc/trc.ppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702269/; classtype:trojan-activity;sid:84565369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702270)"; flow:established,from_client; content:"GET"; http_method; content:"/trc/trc.arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702270/; classtype:trojan-activity;sid:84565370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702271)"; flow:established,from_client; content:"GET"; http_method; content:"/trc/trc.spc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702271/; classtype:trojan-activity;sid:84565371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702272)"; flow:established,from_client; content:"GET"; http_method; content:"/trc/trc.arm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702272/; classtype:trojan-activity;sid:84565372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702273)"; flow:established,from_client; content:"GET"; http_method; content:"/trc/trc.mpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702273/; classtype:trojan-activity;sid:84565373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702264)"; flow:established,from_client; content:"GET"; http_method; content:"/trc/trc.mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702264/; classtype:trojan-activity;sid:84565364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702265)"; flow:established,from_client; content:"GET"; http_method; content:"/trc/trc.arm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702265/; classtype:trojan-activity;sid:84565365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702263)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"175.30.76.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702263/; classtype:trojan-activity;sid:84565363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702262)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.160.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702262/; classtype:trojan-activity;sid:84565362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702259)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86_64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"196.251.116.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702259/; classtype:trojan-activity;sid:84565359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702260)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i468"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.116.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702260/; classtype:trojan-activity;sid:84565360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702261)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i686"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.116.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702261/; classtype:trojan-activity;sid:84565361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702258)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bins.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"113.30.149.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702258/; classtype:trojan-activity;sid:84565358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702252)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.m68k"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"113.30.149.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702252/; classtype:trojan-activity;sid:84565352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702253)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"113.30.149.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702253/; classtype:trojan-activity;sid:84565353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702254)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.arm7"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"113.30.149.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702254/; classtype:trojan-activity;sid:84565354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702255)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.mips"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"113.30.149.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702255/; classtype:trojan-activity;sid:84565355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702256)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"113.30.149.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702256/; classtype:trojan-activity;sid:84565356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702257)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.gnueabihf"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"113.30.149.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702257/; classtype:trojan-activity;sid:84565357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702251)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.arm5n"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"113.30.149.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702251/; classtype:trojan-activity;sid:84565351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702239)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"113.30.149.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702239/; classtype:trojan-activity;sid:84565339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702240)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"113.30.149.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702240/; classtype:trojan-activity;sid:84565340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702241)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.arm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"113.30.149.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702241/; classtype:trojan-activity;sid:84565341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702242)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"113.30.149.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702242/; classtype:trojan-activity;sid:84565342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702243)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"113.30.149.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702243/; classtype:trojan-activity;sid:84565343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702244)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.241.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702244/; classtype:trojan-activity;sid:84565344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702245)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.x86"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"113.30.149.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702245/; classtype:trojan-activity;sid:84565345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702246)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"113.30.149.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702246/; classtype:trojan-activity;sid:84565346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702247)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"113.30.149.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702247/; classtype:trojan-activity;sid:84565347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702248)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"113.30.149.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702248/; classtype:trojan-activity;sid:84565348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702249)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.mpsl"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"113.30.149.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702249/; classtype:trojan-activity;sid:84565349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702250)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"113.30.149.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702250/; classtype:trojan-activity;sid:84565350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702236)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.ppc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"113.30.149.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702236/; classtype:trojan-activity;sid:84565336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702237)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.arm5n"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"113.30.149.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702237/; classtype:trojan-activity;sid:84565337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702238)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"113.30.149.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702238/; classtype:trojan-activity;sid:84565338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702235)"; flow:established,from_client; content:"GET"; http_method; content:"/aplikasi/gerbangslot777.apk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"heimao911.store"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702235/; classtype:trojan-activity;sid:84565335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702234)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"94.156.232.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702234/; classtype:trojan-activity;sid:84565334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702231)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.sh4"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"94.156.232.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702231/; classtype:trojan-activity;sid:84565331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702232)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm7"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"94.156.232.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702232/; classtype:trojan-activity;sid:84565332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702233)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.m68k"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"94.156.232.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702233/; classtype:trojan-activity;sid:84565333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702230)"; flow:established,from_client; content:"GET"; http_method; content:"/zvit.hta"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.159.189.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702230/; classtype:trojan-activity;sid:84565330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702229)"; flow:established,from_client; content:"GET"; http_method; content:"/download_prize/"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"yandex-prize.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702229/; classtype:trojan-activity;sid:84565329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702228)"; flow:established,from_client; content:"GET"; http_method; content:"/2024/09/medibang-paint-mod-apk-premium-unlocked-v27.19.apk"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"dl7.apkhome.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702228/; classtype:trojan-activity;sid:84565328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702223)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.255.209.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702223/; classtype:trojan-activity;sid:84565323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702224)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.255.209.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702224/; classtype:trojan-activity;sid:84565324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702225)"; flow:established,from_client; content:"GET"; http_method; content:"/e-sports%20king.apk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"esportsking.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702225/; classtype:trojan-activity;sid:84565325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702226)"; flow:established,from_client; content:"GET"; http_method; content:"/api/microsoft/update/be53ff4f4b5daa.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"45.159.189.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702226/; classtype:trojan-activity;sid:84565326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702227)"; flow:established,from_client; content:"GET"; http_method; content:"/api/microsoft/update/updater.ps1"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"45.159.189.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702227/; classtype:trojan-activity;sid:84565327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702221)"; flow:established,from_client; content:"GET"; http_method; content:"/xp.apk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"segurancadigitalxp.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702221/; classtype:trojan-activity;sid:84565321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702222)"; flow:established,from_client; content:"GET"; http_method; content:"/static/file/kankan_kk360setup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"mtxxiusnhgbdgdv.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702222/; classtype:trojan-activity;sid:84565322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702220)"; flow:established,from_client; content:"GET"; http_method; content:"/files/acrobat_reader_v112.msi"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"adobe.apsalgida.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702220/; classtype:trojan-activity;sid:84565320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702216)"; flow:established,from_client; content:"GET"; http_method; content:"/aplikasi/gerbangslot777.apk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"rtpvip.live"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702216/; classtype:trojan-activity;sid:84565316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702217)"; flow:established,from_client; content:"GET"; http_method; content:"/api/microsoft/update/svshosts.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"45.159.189.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702217/; classtype:trojan-activity;sid:84565317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702218)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7255807194/bur1ybm.msi"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702218/; classtype:trojan-activity;sid:84565318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702219)"; flow:established,from_client; content:"GET"; http_method; content:"/metatrade5.rar"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"grandmarketsfx.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702219/; classtype:trojan-activity;sid:84565319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702215)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8079848160/vndtqr7.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702215/; classtype:trojan-activity;sid:84565315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702214)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"138.188.34.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702214/; classtype:trojan-activity;sid:84565314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702212)"; flow:established,from_client; content:"GET"; http_method; content:"/exng8.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"ifgirng49gn39gm.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702212/; classtype:trojan-activity;sid:84565312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702213)"; flow:established,from_client; content:"GET"; http_method; content:"/9ajmvfmb"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"lumen.sh4d0wmere.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702213/; classtype:trojan-activity;sid:84565313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702211)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.82.160.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702211/; classtype:trojan-activity;sid:84565311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702210)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.82.160.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702210/; classtype:trojan-activity;sid:84565310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702208)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"46.207.234.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702208/; classtype:trojan-activity;sid:84565308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702209)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.207.234.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702209/; classtype:trojan-activity;sid:84565309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702207)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.80.145.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702207/; classtype:trojan-activity;sid:84565307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702206)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.85.104.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702206/; classtype:trojan-activity;sid:84565306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702205)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.82.229.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702205/; classtype:trojan-activity;sid:84565305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702204)"; flow:established,from_client; content:"GET"; http_method; content:"/20230517/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702204/; classtype:trojan-activity;sid:84565304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702203)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.85.64.181"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702203/; classtype:trojan-activity;sid:84565303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702202)"; flow:established,from_client; content:"GET"; http_method; content:"/20250210/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702202/; classtype:trojan-activity;sid:84565302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702201)"; flow:established,from_client; content:"GET"; http_method; content:"/20250309/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702201/; classtype:trojan-activity;sid:84565301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702200)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.80.145.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702200/; classtype:trojan-activity;sid:84565300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702199)"; flow:established,from_client; content:"GET"; http_method; content:"/20230517/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702199/; classtype:trojan-activity;sid:84565299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702198)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.81.193.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702198/; classtype:trojan-activity;sid:84565298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702197)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.85.104.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702197/; classtype:trojan-activity;sid:84565297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702196)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.84.203.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702196/; classtype:trojan-activity;sid:84565296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702195)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.84.203.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702195/; classtype:trojan-activity;sid:84565295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702194)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.207.234.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702194/; classtype:trojan-activity;sid:84565294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702193)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.80.234.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702193/; classtype:trojan-activity;sid:84565293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702192)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"110.81.113.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702192/; classtype:trojan-activity;sid:84565292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702191)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"110.81.113.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702191/; classtype:trojan-activity;sid:84565291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702189)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.85.255.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702189/; classtype:trojan-activity;sid:84565289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702190)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.85.255.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702190/; classtype:trojan-activity;sid:84565290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702186)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"27.152.83.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702186/; classtype:trojan-activity;sid:84565286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702187)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.81.113.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702187/; classtype:trojan-activity;sid:84565287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702188)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.152.83.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702188/; classtype:trojan-activity;sid:84565288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702185)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.152.83.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702185/; classtype:trojan-activity;sid:84565285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702184)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.207.234.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702184/; classtype:trojan-activity;sid:84565284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702183)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.85.255.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702183/; classtype:trojan-activity;sid:84565283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702182)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.81.193.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702182/; classtype:trojan-activity;sid:84565282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702181)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.207.234.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702181/; classtype:trojan-activity;sid:84565281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702180)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.85.255.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702180/; classtype:trojan-activity;sid:84565280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702178)"; flow:established,from_client; content:"GET"; http_method; content:"/20240113/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702178/; classtype:trojan-activity;sid:84565278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702179)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.85.255.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702179/; classtype:trojan-activity;sid:84565279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702177)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"92.88.150.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702177/; classtype:trojan-activity;sid:84565277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702176)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"92.88.150.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702176/; classtype:trojan-activity;sid:84565276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702172)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.152.83.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702172/; classtype:trojan-activity;sid:84565272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702173)"; flow:established,from_client; content:"GET"; http_method; content:"/2021/09/03/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"60.26.218.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702173/; classtype:trojan-activity;sid:84565273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702174)"; flow:established,from_client; content:"GET"; http_method; content:"/2019/12/info.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"60.26.218.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702174/; classtype:trojan-activity;sid:84565274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702175)"; flow:established,from_client; content:"GET"; http_method; content:"/2022/01/24/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"60.26.218.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702175/; classtype:trojan-activity;sid:84565275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702168)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"138.188.34.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702168/; classtype:trojan-activity;sid:84565268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702169)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.248.167.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702169/; classtype:trojan-activity;sid:84565269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702170)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"92.88.150.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702170/; classtype:trojan-activity;sid:84565270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702171)"; flow:established,from_client; content:"GET"; http_method; content:"/02/23/11/08/19/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702171/; classtype:trojan-activity;sid:84565271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702165)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.152.83.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702165/; classtype:trojan-activity;sid:84565265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702166)"; flow:established,from_client; content:"GET"; http_method; content:"/20240113/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702166/; classtype:trojan-activity;sid:84565266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702167)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.207.234.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702167/; classtype:trojan-activity;sid:84565267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702163)"; flow:established,from_client; content:"GET"; http_method; content:"/2021/10/info.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"60.26.218.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702163/; classtype:trojan-activity;sid:84565263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702164)"; flow:established,from_client; content:"GET"; http_method; content:"/2019-10-29/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"60.26.218.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702164/; classtype:trojan-activity;sid:84565264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702160)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.248.167.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702160/; classtype:trojan-activity;sid:84565260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702161)"; flow:established,from_client; content:"GET"; http_method; content:"/20140730/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702161/; classtype:trojan-activity;sid:84565261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702162)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.248.167.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702162/; classtype:trojan-activity;sid:84565262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702159)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.152.83.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702159/; classtype:trojan-activity;sid:84565259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702154)"; flow:established,from_client; content:"GET"; http_method; content:"/2019/12/30/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"60.26.218.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702154/; classtype:trojan-activity;sid:84565254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702155)"; flow:established,from_client; content:"GET"; http_method; content:"/2021/11/info.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"60.26.218.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702155/; classtype:trojan-activity;sid:84565255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702156)"; flow:established,from_client; content:"GET"; http_method; content:"/20250416/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702156/; classtype:trojan-activity;sid:84565256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702157)"; flow:established,from_client; content:"GET"; http_method; content:"/20230517/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702157/; classtype:trojan-activity;sid:84565257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702158)"; flow:established,from_client; content:"GET"; http_method; content:"/20250309/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702158/; classtype:trojan-activity;sid:84565258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702153)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"92.88.150.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702153/; classtype:trojan-activity;sid:84565253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702151)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.207.234.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702151/; classtype:trojan-activity;sid:84565251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702152)"; flow:established,from_client; content:"GET"; http_method; content:"/20250309/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702152/; classtype:trojan-activity;sid:84565252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702150)"; flow:established,from_client; content:"GET"; http_method; content:"/d/opi1g30i/exec.sh"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"www.atteppzkf.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702150/; classtype:trojan-activity;sid:84565250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702148)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202203/photo.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702148/; classtype:trojan-activity;sid:84565248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702149)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"113.248.167.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702149/; classtype:trojan-activity;sid:84565249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702147)"; flow:established,from_client; content:"GET"; http_method; content:"/20230517/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702147/; classtype:trojan-activity;sid:84565247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702144)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.248.167.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702144/; classtype:trojan-activity;sid:84565244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702145)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201512/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702145/; classtype:trojan-activity;sid:84565245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702146)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"126.209.37.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702146/; classtype:trojan-activity;sid:84565246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702140)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"92.88.150.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702140/; classtype:trojan-activity;sid:84565240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702141)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"92.88.150.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702141/; classtype:trojan-activity;sid:84565241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702142)"; flow:established,from_client; content:"GET"; http_method; content:"/20250309/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702142/; classtype:trojan-activity;sid:84565242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702143)"; flow:established,from_client; content:"GET"; http_method; content:"/20250210/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702143/; classtype:trojan-activity;sid:84565243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702139)"; flow:established,from_client; content:"GET"; http_method; content:"/2019-10-12/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"60.26.218.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702139/; classtype:trojan-activity;sid:84565239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702134)"; flow:established,from_client; content:"GET"; http_method; content:"/20250416/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702134/; classtype:trojan-activity;sid:84565234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702135)"; flow:established,from_client; content:"GET"; http_method; content:"/20230517/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702135/; classtype:trojan-activity;sid:84565235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702136)"; flow:established,from_client; content:"GET"; http_method; content:"/20220623/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702136/; classtype:trojan-activity;sid:84565236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702137)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"110.81.113.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702137/; classtype:trojan-activity;sid:84565237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702138)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"110.81.113.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702138/; classtype:trojan-activity;sid:84565238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702130)"; flow:established,from_client; content:"GET"; http_method; content:"/20220623/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702130/; classtype:trojan-activity;sid:84565230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702131)"; flow:established,from_client; content:"GET"; http_method; content:"/20250416/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702131/; classtype:trojan-activity;sid:84565231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702132)"; flow:established,from_client; content:"GET"; http_method; content:"/20220623/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702132/; classtype:trojan-activity;sid:84565232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702133)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.81.193.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702133/; classtype:trojan-activity;sid:84565233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702129)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.152.83.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702129/; classtype:trojan-activity;sid:84565229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702127)"; flow:established,from_client; content:"GET"; http_method; content:"/20180102/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702127/; classtype:trojan-activity;sid:84565227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702128)"; flow:established,from_client; content:"GET"; http_method; content:"/20240113/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702128/; classtype:trojan-activity;sid:84565228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702122)"; flow:established,from_client; content:"GET"; http_method; content:"/20220623/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702122/; classtype:trojan-activity;sid:84565222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702123)"; flow:established,from_client; content:"GET"; http_method; content:"/20240113/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702123/; classtype:trojan-activity;sid:84565223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702124)"; flow:established,from_client; content:"GET"; http_method; content:"/2022/01/28/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"60.26.218.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702124/; classtype:trojan-activity;sid:84565224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702125)"; flow:established,from_client; content:"GET"; http_method; content:"/2023/info.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"60.26.218.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702125/; classtype:trojan-activity;sid:84565225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702126)"; flow:established,from_client; content:"GET"; http_method; content:"/2021/09/02/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"60.26.218.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702126/; classtype:trojan-activity;sid:84565226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702120)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.81.113.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702120/; classtype:trojan-activity;sid:84565220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702121)"; flow:established,from_client; content:"GET"; http_method; content:"/20180102/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702121/; classtype:trojan-activity;sid:84565221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702118)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"110.81.113.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702118/; classtype:trojan-activity;sid:84565218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702119)"; flow:established,from_client; content:"GET"; http_method; content:"/20250210/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702119/; classtype:trojan-activity;sid:84565219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702117)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"58.186.236.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702117/; classtype:trojan-activity;sid:84565217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702114)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/msgaddfiles/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702114/; classtype:trojan-activity;sid:84565214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702115)"; flow:established,from_client; content:"GET"; http_method; content:"/20140730/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702115/; classtype:trojan-activity;sid:84565215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702116)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"188.240.184.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702116/; classtype:trojan-activity;sid:84565216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702104)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"138.188.34.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702104/; classtype:trojan-activity;sid:84565204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702105)"; flow:established,from_client; content:"GET"; http_method; content:"/20250210/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702105/; classtype:trojan-activity;sid:84565205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702106)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201703/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702106/; classtype:trojan-activity;sid:84565206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702107)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.248.167.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702107/; classtype:trojan-activity;sid:84565207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702108)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.248.167.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702108/; classtype:trojan-activity;sid:84565208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702109)"; flow:established,from_client; content:"GET"; http_method; content:"/2021/03/info.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"60.26.218.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702109/; classtype:trojan-activity;sid:84565209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702110)"; flow:established,from_client; content:"GET"; http_method; content:"/2021/08/info.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"60.26.218.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702110/; classtype:trojan-activity;sid:84565210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702111)"; flow:established,from_client; content:"GET"; http_method; content:"/2022/01/08/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"60.26.218.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702111/; classtype:trojan-activity;sid:84565211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702112)"; flow:established,from_client; content:"GET"; http_method; content:"/2021/09/23/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"60.26.218.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702112/; classtype:trojan-activity;sid:84565212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702113)"; flow:established,from_client; content:"GET"; http_method; content:"/2022/01/info.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"60.26.218.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702113/; classtype:trojan-activity;sid:84565213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702102)"; flow:established,from_client; content:"GET"; http_method; content:"/20240113/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702102/; classtype:trojan-activity;sid:84565202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702103)"; flow:established,from_client; content:"GET"; http_method; content:"/20220623/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702103/; classtype:trojan-activity;sid:84565203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702101)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.252.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702101/; classtype:trojan-activity;sid:84565201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702100)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.129.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702100/; classtype:trojan-activity;sid:84565200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702099)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.236.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702099/; classtype:trojan-activity;sid:84565199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702098)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.38.199.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702098/; classtype:trojan-activity;sid:84565198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702096)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.49.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702096/; classtype:trojan-activity;sid:84565196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702097)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.118.36.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702097/; classtype:trojan-activity;sid:84565197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702095)"; flow:established,from_client; content:"GET"; http_method; content:"/ib3gkdbv"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"lumen.sh4d0wmere.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702095/; classtype:trojan-activity;sid:84565195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702094)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.219.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702094/; classtype:trojan-activity;sid:84565194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702093)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.88.85"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702093/; classtype:trojan-activity;sid:84565193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702092)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.32.4.11"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702092/; classtype:trojan-activity;sid:84565192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702089)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.202.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702089/; classtype:trojan-activity;sid:84565189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702090)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.236.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702090/; classtype:trojan-activity;sid:84565190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702091)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.203.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702091/; classtype:trojan-activity;sid:84565191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702088)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.252.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702088/; classtype:trojan-activity;sid:84565188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.228.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702084/; classtype:trojan-activity;sid:84565184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702085)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.155.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702085/; classtype:trojan-activity;sid:84565185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702086)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.12.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702086/; classtype:trojan-activity;sid:84565186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702087)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.117.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702087/; classtype:trojan-activity;sid:84565187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702078)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.79.109.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702078/; classtype:trojan-activity;sid:84565178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702079)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.128.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702079/; classtype:trojan-activity;sid:84565179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702080)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.225.55.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702080/; classtype:trojan-activity;sid:84565180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702081)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.86.168.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702081/; classtype:trojan-activity;sid:84565181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702082)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.50.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702082/; classtype:trojan-activity;sid:84565182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702083)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.86.53.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702083/; classtype:trojan-activity;sid:84565183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702077)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.135.160.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702077/; classtype:trojan-activity;sid:84565177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702076)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.49.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702076/; classtype:trojan-activity;sid:84565176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702075)"; flow:established,from_client; content:"GET"; http_method; content:"/v3oakt95"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"pike.ci2udforge.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702075/; classtype:trojan-activity;sid:84565175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702074)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.38.199.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702074/; classtype:trojan-activity;sid:84565174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702073)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.29.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702073/; classtype:trojan-activity;sid:84565173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702072)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.219.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702072/; classtype:trojan-activity;sid:84565172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702071)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.88.85"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702071/; classtype:trojan-activity;sid:84565171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702070)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.64.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702070/; classtype:trojan-activity;sid:84565170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702069)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.35.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702069/; classtype:trojan-activity;sid:84565169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702068)"; flow:established,from_client; content:"GET"; http_method; content:"/avhrehn8"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"moor.ci2udforge.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702068/; classtype:trojan-activity;sid:84565168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702067)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.53.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702067/; classtype:trojan-activity;sid:84565167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702066)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.152.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702066/; classtype:trojan-activity;sid:84565166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702065)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.119.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702065/; classtype:trojan-activity;sid:84565165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702064)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8079848160/ebqrofo.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702064/; classtype:trojan-activity;sid:84565164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702063)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.35.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702063/; classtype:trojan-activity;sid:84565163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702062)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.100.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702062/; classtype:trojan-activity;sid:84565162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702061)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.194.28.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702061/; classtype:trojan-activity;sid:84565161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702060)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.3.145"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702060/; classtype:trojan-activity;sid:84565160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702059)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.149.73.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702059/; classtype:trojan-activity;sid:84565159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702057)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.108.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702057/; classtype:trojan-activity;sid:84565157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702058)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.187.197.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702058/; classtype:trojan-activity;sid:84565158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702056)"; flow:established,from_client; content:"GET"; http_method; content:"/17a45hu9"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"haze.m1stwander.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702056/; classtype:trojan-activity;sid:84565156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702055)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.225.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702055/; classtype:trojan-activity;sid:84565155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702054)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.53.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702054/; classtype:trojan-activity;sid:84565154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702053)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.38.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702053/; classtype:trojan-activity;sid:84565153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702052)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.119.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702052/; classtype:trojan-activity;sid:84565152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702051)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"114.227.244.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702051/; classtype:trojan-activity;sid:84565151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702050)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"209.207.87.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702050/; classtype:trojan-activity;sid:84565150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702049)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.3.145"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702049/; classtype:trojan-activity;sid:84565149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702048)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.100.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702048/; classtype:trojan-activity;sid:84565148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702047)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.187.197.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702047/; classtype:trojan-activity;sid:84565147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702046)"; flow:established,from_client; content:"GET"; http_method; content:"/pjo6pao2"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"t0.emberglade.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702046/; classtype:trojan-activity;sid:84565146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702045)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.108.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702045/; classtype:trojan-activity;sid:84565145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702044)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.35.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702044/; classtype:trojan-activity;sid:84565144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702043)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.82.24"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702043/; classtype:trojan-activity;sid:84565143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702042)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"209.207.87.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702042/; classtype:trojan-activity;sid:84565142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702041)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.38.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702041/; classtype:trojan-activity;sid:84565141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702040)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.202.57.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702040/; classtype:trojan-activity;sid:84565140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702039)"; flow:established,from_client; content:"GET"; http_method; content:"/glzxf123"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"silver.emberglade.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702039/; classtype:trojan-activity;sid:84565139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702038)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.227.53.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702038/; classtype:trojan-activity;sid:84565138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702037)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.162.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702037/; classtype:trojan-activity;sid:84565137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702036)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.152.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702036/; classtype:trojan-activity;sid:84565136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702035)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"124.234.239.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702035/; classtype:trojan-activity;sid:84565135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702034)"; flow:established,from_client; content:"GET"; http_method; content:"/qdx3qog9"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"7e8g.brambleforge.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702034/; classtype:trojan-activity;sid:84565134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702033)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.227.53.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702033/; classtype:trojan-activity;sid:84565133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702032)"; flow:established,from_client; content:"GET"; http_method; content:"/xpdnu78k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"nb.brambleforge.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702032/; classtype:trojan-activity;sid:84565132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702031)"; flow:established,from_client; content:"GET"; http_method; content:"/files/768560194/hzzkmbu.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702031/; classtype:trojan-activity;sid:84565131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702030)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.175.51.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702030/; classtype:trojan-activity;sid:84565130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702029)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.241.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702029/; classtype:trojan-activity;sid:84565129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702028)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6555237020/4rfwlkd.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702028/; classtype:trojan-activity;sid:84565128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702027)"; flow:established,from_client; content:"GET"; http_method; content:"/9qjhhmpv"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5a0.ember-cross.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702027/; classtype:trojan-activity;sid:84565127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702026)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.19.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702026/; classtype:trojan-activity;sid:84565126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702025)"; flow:established,from_client; content:"GET"; http_method; content:"/fyjq0bfq"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"25ow.ember-cross.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702025/; classtype:trojan-activity;sid:84565125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702024)"; flow:established,from_client; content:"GET"; http_method; content:"/hh4ecchd"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ufel.ember-cross.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702024/; classtype:trojan-activity;sid:84565124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702023)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.158.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702023/; classtype:trojan-activity;sid:84565123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702022)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2019/08/win64.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"www.bdbarrandov.cz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702022/; classtype:trojan-activity;sid:84565122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702021)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.210.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702021/; classtype:trojan-activity;sid:84565121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702020)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.168.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702020/; classtype:trojan-activity;sid:84565120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702019)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.176.210.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702019/; classtype:trojan-activity;sid:84565119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702018)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.235.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702018/; classtype:trojan-activity;sid:84565118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702017)"; flow:established,from_client; content:"GET"; http_method; content:"/c9le1lud"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ptk.0-pal-summit.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702017/; classtype:trojan-activity;sid:84565117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702016)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.158.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702016/; classtype:trojan-activity;sid:84565116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702015)"; flow:established,from_client; content:"GET"; http_method; content:"/so44m3tc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ch.0-pal-summit.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702015/; classtype:trojan-activity;sid:84565115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702014)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.163.147.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702014/; classtype:trojan-activity;sid:84565114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702013)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.176.210.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702013/; classtype:trojan-activity;sid:84565113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702012)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.83.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702012/; classtype:trojan-activity;sid:84565112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702011)"; flow:established,from_client; content:"GET"; http_method; content:"/hmsgl56f"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"drift.frost-wilder.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702011/; classtype:trojan-activity;sid:84565111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702010)"; flow:established,from_client; content:"GET"; http_method; content:"/6x8xaas6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"br.frost-wilder.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702010/; classtype:trojan-activity;sid:84565110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702009)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.79.8.190"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702009/; classtype:trojan-activity;sid:84565109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702008)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.46.195.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702008/; classtype:trojan-activity;sid:84565108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702007)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.163.147.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702007/; classtype:trojan-activity;sid:84565107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702006)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.172.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702006/; classtype:trojan-activity;sid:84565106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702005)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.48.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702005/; classtype:trojan-activity;sid:84565105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702004)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.220.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702004/; classtype:trojan-activity;sid:84565104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702003)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.184.63.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702003/; classtype:trojan-activity;sid:84565103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702002)"; flow:established,from_client; content:"GET"; http_method; content:"/crypted_client.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"196.251.115.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702002/; classtype:trojan-activity;sid:84565102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702001)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.190.69.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702001/; classtype:trojan-activity;sid:84565101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702000)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.69.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702000/; classtype:trojan-activity;sid:84565100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701999)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.20.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701999/; classtype:trojan-activity;sid:84565099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701998)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.79.8.190"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701998/; classtype:trojan-activity;sid:84565098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701997)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.8.200"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701997/; classtype:trojan-activity;sid:84565097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701996)"; flow:established,from_client; content:"GET"; http_method; content:"/rivkkpdl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"marsh.embercross.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701996/; classtype:trojan-activity;sid:84565096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701995)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.203.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701995/; classtype:trojan-activity;sid:84565095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701994)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.112.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701994/; classtype:trojan-activity;sid:84565094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701993)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.69.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701993/; classtype:trojan-activity;sid:84565093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701992)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.168.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701992/; classtype:trojan-activity;sid:84565092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701991)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.184.63.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701991/; classtype:trojan-activity;sid:84565091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701989)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.64.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701989/; classtype:trojan-activity;sid:84565089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701990)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.211.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701990/; classtype:trojan-activity;sid:84565090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701988)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.8.200"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701988/; classtype:trojan-activity;sid:84565088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701987)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.203.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701987/; classtype:trojan-activity;sid:84565087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.182.225.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701986/; classtype:trojan-activity;sid:84565086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701985)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.112.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701985/; classtype:trojan-activity;sid:84565085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701984)"; flow:established,from_client; content:"GET"; http_method; content:"/jwd64cxr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"flare.frost-wilder.online"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701984/; classtype:trojan-activity;sid:84565084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701983)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.182.225.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701983/; classtype:trojan-activity;sid:84565083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701982)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.246.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701982/; classtype:trojan-activity;sid:84565082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701981)"; flow:established,from_client; content:"GET"; http_method; content:"/fqhi7dtg"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"4shn.t1decrystai.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701981/; classtype:trojan-activity;sid:84565081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701980)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.228.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701980/; classtype:trojan-activity;sid:84565080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701979)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.207.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701979/; classtype:trojan-activity;sid:84565079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701978)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.182.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701978/; classtype:trojan-activity;sid:84565078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701977)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.29.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701977/; classtype:trojan-activity;sid:84565077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701974)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.235.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701974/; classtype:trojan-activity;sid:84565074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701975)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.3.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701975/; classtype:trojan-activity;sid:84565075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701976)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.245.38.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701976/; classtype:trojan-activity;sid:84565076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701973)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.197.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701973/; classtype:trojan-activity;sid:84565073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701972)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.155.2.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701972/; classtype:trojan-activity;sid:84565072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701970)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.146.23.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701970/; classtype:trojan-activity;sid:84565070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701971)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.140.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701971/; classtype:trojan-activity;sid:84565071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701968)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.11.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701968/; classtype:trojan-activity;sid:84565068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701969)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.147.155.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701969/; classtype:trojan-activity;sid:84565069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701965)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.245.38.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701965/; classtype:trojan-activity;sid:84565065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701966)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.57.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701966/; classtype:trojan-activity;sid:84565066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701967)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.253.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701967/; classtype:trojan-activity;sid:84565067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701964)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.33.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701964/; classtype:trojan-activity;sid:84565064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701963)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.154.35.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701963/; classtype:trojan-activity;sid:84565063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701962)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.211.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701962/; classtype:trojan-activity;sid:84565062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701960)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.182.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701960/; classtype:trojan-activity;sid:84565060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701961)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.228.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701961/; classtype:trojan-activity;sid:84565061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701959)"; flow:established,from_client; content:"GET"; http_method; content:"/8a2p81l3"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"vale.cioudharbor.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701959/; classtype:trojan-activity;sid:84565059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701958)"; flow:established,from_client; content:"GET"; http_method; content:"/w2p3wczy"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"pine.cioudharbor.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701958/; classtype:trojan-activity;sid:84565058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701957)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.84.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701957/; classtype:trojan-activity;sid:84565057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701956)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.125.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701956/; classtype:trojan-activity;sid:84565056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701955)"; flow:established,from_client; content:"GET"; http_method; content:"/ccexu66a"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ib.stormglade.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701955/; classtype:trojan-activity;sid:84565055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701954)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.192.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701954/; classtype:trojan-activity;sid:84565054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701953)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.1.148.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701953/; classtype:trojan-activity;sid:84565053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701952)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.x86"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"94.156.232.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701952/; classtype:trojan-activity;sid:84565052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701951)"; flow:established,from_client; content:"GET"; http_method; content:"/p6wvg5y1"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"tiq.stormglade.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701951/; classtype:trojan-activity;sid:84565051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701950)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.ppc"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"94.156.232.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701950/; classtype:trojan-activity;sid:84565050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701947)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.mpsl"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"94.156.232.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701947/; classtype:trojan-activity;sid:84565047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701948)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm6"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"94.156.232.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701948/; classtype:trojan-activity;sid:84565048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701949)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm5"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"94.156.232.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701949/; classtype:trojan-activity;sid:84565049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701946)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.116.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701946/; classtype:trojan-activity;sid:84565046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701939)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.125.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701939/; classtype:trojan-activity;sid:84565039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701940)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.172.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701940/; classtype:trojan-activity;sid:84565040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701941)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.40.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701941/; classtype:trojan-activity;sid:84565041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701942)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.143.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701942/; classtype:trojan-activity;sid:84565042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701943)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.mips"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"94.156.232.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701943/; classtype:trojan-activity;sid:84565043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701944)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.7.183.146"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701944/; classtype:trojan-activity;sid:84565044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701945)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.84.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701945/; classtype:trojan-activity;sid:84565045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701938)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.85.5.164"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701938/; classtype:trojan-activity;sid:84565038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701937)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.85.5.164"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701937/; classtype:trojan-activity;sid:84565037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701936)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.84.121.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701936/; classtype:trojan-activity;sid:84565036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701935)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.80.240.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701935/; classtype:trojan-activity;sid:84565035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701934)"; flow:established,from_client; content:"GET"; http_method; content:"/20180102/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701934/; classtype:trojan-activity;sid:84565034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701933)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.80.115.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701933/; classtype:trojan-activity;sid:84565033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701932)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.80.115.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701932/; classtype:trojan-activity;sid:84565032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701931)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.85.198.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701931/; classtype:trojan-activity;sid:84565031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701930)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.85.198.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701930/; classtype:trojan-activity;sid:84565030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701929)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.85.198.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701929/; classtype:trojan-activity;sid:84565029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701928)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.249.16.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701928/; classtype:trojan-activity;sid:84565028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701926)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.249.16.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701926/; classtype:trojan-activity;sid:84565026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701927)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"218.95.50.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701927/; classtype:trojan-activity;sid:84565027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701925)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.249.16.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701925/; classtype:trojan-activity;sid:84565025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701924)"; flow:established,from_client; content:"GET"; http_method; content:"/20140730/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701924/; classtype:trojan-activity;sid:84565024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701923)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"80.125.190.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701923/; classtype:trojan-activity;sid:84565023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701922)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/6904a6e81f0c5_crypted.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"193.56.135.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701922/; classtype:trojan-activity;sid:84565022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701920)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.125.190.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701920/; classtype:trojan-activity;sid:84565020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701921)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.80.84.98"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701921/; classtype:trojan-activity;sid:84565021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701918)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.125.190.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701918/; classtype:trojan-activity;sid:84565018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701919)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.125.190.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701919/; classtype:trojan-activity;sid:84565019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701917)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.81.139.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701917/; classtype:trojan-activity;sid:84565017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701916)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.80.84.98"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701916/; classtype:trojan-activity;sid:84565016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701911)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.125.190.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701911/; classtype:trojan-activity;sid:84565011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701912)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.125.190.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701912/; classtype:trojan-activity;sid:84565012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701913)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.81.139.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701913/; classtype:trojan-activity;sid:84565013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701914)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.43.85.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701914/; classtype:trojan-activity;sid:84565014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701915)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"113.249.16.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701915/; classtype:trojan-activity;sid:84565015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701908)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"83.43.85.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701908/; classtype:trojan-activity;sid:84565008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701909)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"42.114.65.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701909/; classtype:trojan-activity;sid:84565009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701910)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/space.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"196.251.88.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701910/; classtype:trojan-activity;sid:84565010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701905)"; flow:established,from_client; content:"GET"; http_method; content:"/20180102/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701905/; classtype:trojan-activity;sid:84565005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701906)"; flow:established,from_client; content:"GET"; http_method; content:"/20180102/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701906/; classtype:trojan-activity;sid:84565006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701907)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/space.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.88.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701907/; classtype:trojan-activity;sid:84565007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701900)"; flow:established,from_client; content:"GET"; http_method; content:"/0inst2.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.planner5dl.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701900/; classtype:trojan-activity;sid:84565000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701901)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/space.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"196.251.88.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701901/; classtype:trojan-activity;sid:84565001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701902)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/space.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.88.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701902/; classtype:trojan-activity;sid:84565002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701903)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/space.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.88.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701903/; classtype:trojan-activity;sid:84565003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701904)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/space.x86_64"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"196.251.88.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701904/; classtype:trojan-activity;sid:84565004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701896)"; flow:established,from_client; content:"GET"; http_method; content:"/dev_hdd0/tmp/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"94.99.15.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701896/; classtype:trojan-activity;sid:84564996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701897)"; flow:established,from_client; content:"GET"; http_method; content:"/mount.ps3/dev_hdd0/tmp/friendtrophy/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"94.99.15.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701897/; classtype:trojan-activity;sid:84564997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701898)"; flow:established,from_client; content:"GET"; http_method; content:"/mount.ps3/dev_hdd0/tmp/downloader/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"94.99.15.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701898/; classtype:trojan-activity;sid:84564998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701899)"; flow:established,from_client; content:"GET"; http_method; content:"/mount.ps3/dev_hdd0/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"94.99.15.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701899/; classtype:trojan-activity;sid:84564999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701895)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/space.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.88.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701895/; classtype:trojan-activity;sid:84564995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701892)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.84.219.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701892/; classtype:trojan-activity;sid:84564992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701893)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.84.219.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701893/; classtype:trojan-activity;sid:84564993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701894)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"83.43.85.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701894/; classtype:trojan-activity;sid:84564994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701890)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5878897896/njtwqnm.bat"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701890/; classtype:trojan-activity;sid:84564990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701891)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"83.43.85.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701891/; classtype:trojan-activity;sid:84564991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701883)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.224.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701883/; classtype:trojan-activity;sid:84564983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701884)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.43.85.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701884/; classtype:trojan-activity;sid:84564984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701885)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/space.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"196.251.88.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701885/; classtype:trojan-activity;sid:84564985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701886)"; flow:established,from_client; content:"GET"; http_method; content:"/mount.ps3/dev_hdd0/tmp/wm_icons/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"94.99.15.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701886/; classtype:trojan-activity;sid:84564986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701887)"; flow:established,from_client; content:"GET"; http_method; content:"/mount.ps3/dev_hdd0/packages/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"94.99.15.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701887/; classtype:trojan-activity;sid:84564987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701888)"; flow:established,from_client; content:"GET"; http_method; content:"/mount.ps3/dev_hdd0/tmp/wm_res/setup/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"94.99.15.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701888/; classtype:trojan-activity;sid:84564988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701889)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/space.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.88.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701889/; classtype:trojan-activity;sid:84564989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701882)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/space.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.88.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701882/; classtype:trojan-activity;sid:84564982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701873)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"83.43.85.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701873/; classtype:trojan-activity;sid:84564973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701874)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/space.arc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"196.251.88.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701874/; classtype:trojan-activity;sid:84564974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701875)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.88.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701875/; classtype:trojan-activity;sid:84564975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701876)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.249.16.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701876/; classtype:trojan-activity;sid:84564976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701877)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.249.16.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701877/; classtype:trojan-activity;sid:84564977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701878)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"83.43.85.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701878/; classtype:trojan-activity;sid:84564978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701879)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.249.16.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701879/; classtype:trojan-activity;sid:84564979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701880)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/space.i686"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.88.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701880/; classtype:trojan-activity;sid:84564980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701881)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/space.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"196.251.88.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701881/; classtype:trojan-activity;sid:84564981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701868)"; flow:established,from_client; content:"GET"; http_method; content:"/dev_hdd0/tmp/wm_res/info.zip"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"94.99.15.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701868/; classtype:trojan-activity;sid:84564968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701869)"; flow:established,from_client; content:"GET"; http_method; content:"/mount.ps3/dev_hdd0/tmp/info.zip"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"94.99.15.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701869/; classtype:trojan-activity;sid:84564969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701870)"; flow:established,from_client; content:"GET"; http_method; content:"/mount.ps3/dev_hdd0/tmp/wm_combo/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"94.99.15.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701870/; classtype:trojan-activity;sid:84564970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701871)"; flow:established,from_client; content:"GET"; http_method; content:"/dev_hdd0/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"94.99.15.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701871/; classtype:trojan-activity;sid:84564971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701872)"; flow:established,from_client; content:"GET"; http_method; content:"/mount.ps3/dev_hdd0/tmp/fimcross/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"94.99.15.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701872/; classtype:trojan-activity;sid:84564972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701867)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.81.174.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701867/; classtype:trojan-activity;sid:84564967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701863)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5878897896/xhtmjkl.bat"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701863/; classtype:trojan-activity;sid:84564963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701864)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.81.174.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701864/; classtype:trojan-activity;sid:84564964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701865)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.81.174.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701865/; classtype:trojan-activity;sid:84564965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701866)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.81.174.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701866/; classtype:trojan-activity;sid:84564966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701862)"; flow:established,from_client; content:"GET"; http_method; content:"/m022rj17"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"x1.m1dnightr0ad.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701862/; classtype:trojan-activity;sid:84564962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701861)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.120.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701861/; classtype:trojan-activity;sid:84564961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701860)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.152.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701860/; classtype:trojan-activity;sid:84564960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701859)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.1.148.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701859/; classtype:trojan-activity;sid:84564959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701858)"; flow:established,from_client; content:"GET"; http_method; content:"/mkq8r6cc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"mica.frostwilder.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701858/; classtype:trojan-activity;sid:84564958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701857)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.143.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701857/; classtype:trojan-activity;sid:84564957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701856)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.141.206.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701856/; classtype:trojan-activity;sid:84564956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701855)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.192.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701855/; classtype:trojan-activity;sid:84564955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701854)"; flow:established,from_client; content:"GET"; http_method; content:"/cn13k9jy"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bh.frostwilder.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701854/; classtype:trojan-activity;sid:84564954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701853)"; flow:established,from_client; content:"GET"; http_method; content:"/ouxqzymx"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"0i.frostwilder.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701853/; classtype:trojan-activity;sid:84564953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701852)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.75.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701852/; classtype:trojan-activity;sid:84564952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701851)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.7.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701851/; classtype:trojan-activity;sid:84564951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701850)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1824233174/xqqtmnd.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701850/; classtype:trojan-activity;sid:84564950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701849)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.11.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701849/; classtype:trojan-activity;sid:84564949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701848)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.197.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701848/; classtype:trojan-activity;sid:84564948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701847)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.206.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701847/; classtype:trojan-activity;sid:84564947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701846)"; flow:established,from_client; content:"GET"; http_method; content:"/get26q7f"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"wolke.oakensiegel.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701846/; classtype:trojan-activity;sid:84564946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701845)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.240.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701845/; classtype:trojan-activity;sid:84564945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701844)"; flow:established,from_client; content:"GET"; http_method; content:"/1pohs3v1"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"rune.oakensiegel.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701844/; classtype:trojan-activity;sid:84564944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701843)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.183.129.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701843/; classtype:trojan-activity;sid:84564943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701842)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.11.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701842/; classtype:trojan-activity;sid:84564942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701841)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.2.150.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701841/; classtype:trojan-activity;sid:84564941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701840)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1824233174/8krvsf8.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701840/; classtype:trojan-activity;sid:84564940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701839)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.197.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701839/; classtype:trojan-activity;sid:84564939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701838)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.129.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701838/; classtype:trojan-activity;sid:84564938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701837)"; flow:established,from_client; content:"GET"; http_method; content:"/udrcirhv"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"licht.argonbucht.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701837/; classtype:trojan-activity;sid:84564937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701836)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.35.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701836/; classtype:trojan-activity;sid:84564936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701835)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.69.84.35"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701835/; classtype:trojan-activity;sid:84564935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701834)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.84.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701834/; classtype:trojan-activity;sid:84564934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701833)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.75.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701833/; classtype:trojan-activity;sid:84564933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701832)"; flow:established,from_client; content:"GET"; http_method; content:"/l18islyr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"tau.ibexweald.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701832/; classtype:trojan-activity;sid:84564932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701831)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.165.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701831/; classtype:trojan-activity;sid:84564931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701830)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.234.246.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701830/; classtype:trojan-activity;sid:84564930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701829)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.35.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701829/; classtype:trojan-activity;sid:84564929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701828)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.69.84.35"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701828/; classtype:trojan-activity;sid:84564928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701827)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.239.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701827/; classtype:trojan-activity;sid:84564927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701826)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.225.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701826/; classtype:trojan-activity;sid:84564926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701825)"; flow:established,from_client; content:"GET"; http_method; content:"/6xqboma8"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"eiche.ibexweald.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701825/; classtype:trojan-activity;sid:84564925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701824)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.108.49.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701824/; classtype:trojan-activity;sid:84564924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.83.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701823/; classtype:trojan-activity;sid:84564923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701822)"; flow:established,from_client; content:"GET"; http_method; content:"/z0niyxqt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"grat.dovemantel.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701822/; classtype:trojan-activity;sid:84564922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701821)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.225.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701821/; classtype:trojan-activity;sid:84564921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701820)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.34.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701820/; classtype:trojan-activity;sid:84564920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701819)"; flow:established,from_client; content:"GET"; http_method; content:"/0agyimw7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"hafen.dovemantel.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701819/; classtype:trojan-activity;sid:84564919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701818)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.5.203"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701818/; classtype:trojan-activity;sid:84564918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701817)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.172.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701817/; classtype:trojan-activity;sid:84564917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701816)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.227.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701816/; classtype:trojan-activity;sid:84564916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701815)"; flow:established,from_client; content:"GET"; http_method; content:"/wshff1b3"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"pfad.elmquarry.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701815/; classtype:trojan-activity;sid:84564915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701814)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.211.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701814/; classtype:trojan-activity;sid:84564914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701813)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.230.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701813/; classtype:trojan-activity;sid:84564913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701812)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.128.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701812/; classtype:trojan-activity;sid:84564912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701811)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.155.146.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701811/; classtype:trojan-activity;sid:84564911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701810)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.83.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701810/; classtype:trojan-activity;sid:84564910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701809)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701809/; classtype:trojan-activity;sid:84564909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701808)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.mpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701808/; classtype:trojan-activity;sid:84564908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701806)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701806/; classtype:trojan-activity;sid:84564906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701807)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701807/; classtype:trojan-activity;sid:84564907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701805)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.x86_64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701805/; classtype:trojan-activity;sid:84564905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701801)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701801/; classtype:trojan-activity;sid:84564901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701802)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.i686"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701802/; classtype:trojan-activity;sid:84564902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701803)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701803/; classtype:trojan-activity;sid:84564903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701804)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701804/; classtype:trojan-activity;sid:84564904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701800)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.arc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701800/; classtype:trojan-activity;sid:84564900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701798)"; flow:established,from_client; content:"GET"; http_method; content:"/debug"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701798/; classtype:trojan-activity;sid:84564898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701799)"; flow:established,from_client; content:"GET"; http_method; content:"/morte.ppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701799/; classtype:trojan-activity;sid:84564899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701797)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.5.203"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701797/; classtype:trojan-activity;sid:84564897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701796)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.172.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701796/; classtype:trojan-activity;sid:84564896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701795)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.19.71.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701795/; classtype:trojan-activity;sid:84564895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701794)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.227.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701794/; classtype:trojan-activity;sid:84564894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701793)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.47.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701793/; classtype:trojan-activity;sid:84564893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701792)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.19.71.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701792/; classtype:trojan-activity;sid:84564892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701791)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.248.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701791/; classtype:trojan-activity;sid:84564891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701790)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.103.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701790/; classtype:trojan-activity;sid:84564890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701789)"; flow:established,from_client; content:"GET"; http_method; content:"/n8toawpq"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"gleam.xenonridge.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701789/; classtype:trojan-activity;sid:84564889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701788)"; flow:established,from_client; content:"GET"; http_method; content:"/dl/stwhchoj.mpsl"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.135.194.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701788/; classtype:trojan-activity;sid:84564888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701787)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.198.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701787/; classtype:trojan-activity;sid:84564887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701786)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7323453331/jmnnu0h.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701786/; classtype:trojan-activity;sid:84564886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701785)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.227.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701785/; classtype:trojan-activity;sid:84564885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701783)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.248.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701783/; classtype:trojan-activity;sid:84564883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701784)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.47.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701784/; classtype:trojan-activity;sid:84564884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701782)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.1.244.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701782/; classtype:trojan-activity;sid:84564882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701781)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.84.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701781/; classtype:trojan-activity;sid:84564881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701780)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.230.164.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701780/; classtype:trojan-activity;sid:84564880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701779)"; flow:established,from_client; content:"GET"; http_method; content:"/cqpxc0a8"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"birch.sparrowdock.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701779/; classtype:trojan-activity;sid:84564879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701778)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.190.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701778/; classtype:trojan-activity;sid:84564878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.4.23.129"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701777/; classtype:trojan-activity;sid:84564877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701776)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5917492177/9t3d4g8.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701776/; classtype:trojan-activity;sid:84564876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701775)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.190.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701775/; classtype:trojan-activity;sid:84564875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701774)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.211.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701774/; classtype:trojan-activity;sid:84564874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701773)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.212.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701773/; classtype:trojan-activity;sid:84564873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701772)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.171.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701772/; classtype:trojan-activity;sid:84564872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701771)"; flow:established,from_client; content:"GET"; http_method; content:"/y5yjvkgq"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ufer.anvilklee.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701771/; classtype:trojan-activity;sid:84564871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701770)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.79.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701770/; classtype:trojan-activity;sid:84564870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701769)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.77.46.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701769/; classtype:trojan-activity;sid:84564869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701768)"; flow:established,from_client; content:"GET"; http_method; content:"/9cpxz7af"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"stein.anvilklee.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701768/; classtype:trojan-activity;sid:84564868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701767)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.173.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701767/; classtype:trojan-activity;sid:84564867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701766)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.171.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701766/; classtype:trojan-activity;sid:84564866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701765)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.252.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701765/; classtype:trojan-activity;sid:84564865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701764)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.225.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701764/; classtype:trojan-activity;sid:84564864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701763)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.25.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701763/; classtype:trojan-activity;sid:84564863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701762)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.174.102.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701762/; classtype:trojan-activity;sid:84564862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701761)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.6.58"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701761/; classtype:trojan-activity;sid:84564861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701760)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.231.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701760/; classtype:trojan-activity;sid:84564860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701759)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.239.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701759/; classtype:trojan-activity;sid:84564859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701758)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"76.72.238.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701758/; classtype:trojan-activity;sid:84564858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701757)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.84.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701757/; classtype:trojan-activity;sid:84564857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701756)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.25.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701756/; classtype:trojan-activity;sid:84564856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701755)"; flow:established,from_client; content:"GET"; http_method; content:"/eyo212ig"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"moor.sageufer.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701755/; classtype:trojan-activity;sid:84564855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.144.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701754/; classtype:trojan-activity;sid:84564854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701753)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.188.95.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701753/; classtype:trojan-activity;sid:84564853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701752)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.232.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701752/; classtype:trojan-activity;sid:84564852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701750)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.243.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701750/; classtype:trojan-activity;sid:84564850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701751)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.163.138.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701751/; classtype:trojan-activity;sid:84564851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701749)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.239.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701749/; classtype:trojan-activity;sid:84564849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701748)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.231.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701748/; classtype:trojan-activity;sid:84564848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701747)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.40.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701747/; classtype:trojan-activity;sid:84564847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701746)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.255.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701746/; classtype:trojan-activity;sid:84564846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701745)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.6.58"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701745/; classtype:trojan-activity;sid:84564845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701744)"; flow:established,from_client; content:"GET"; http_method; content:"/k12k6y5g"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bach.echohang.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701744/; classtype:trojan-activity;sid:84564844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701743)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.239.81.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701743/; classtype:trojan-activity;sid:84564843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701742)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.84.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701742/; classtype:trojan-activity;sid:84564842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701741)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.144.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701741/; classtype:trojan-activity;sid:84564841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701740)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.243.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701740/; classtype:trojan-activity;sid:84564840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701739)"; flow:established,from_client; content:"GET"; http_method; content:"/wo2ppa90"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"krone.echohang.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701739/; classtype:trojan-activity;sid:84564839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701738)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.49.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701738/; classtype:trojan-activity;sid:84564838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701737)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.252.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701737/; classtype:trojan-activity;sid:84564837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701736)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.127.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701736/; classtype:trojan-activity;sid:84564836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701735)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.87.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701735/; classtype:trojan-activity;sid:84564835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701734)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.226.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701734/; classtype:trojan-activity;sid:84564834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701733)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.113.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701733/; classtype:trojan-activity;sid:84564833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701732)"; flow:established,from_client; content:"GET"; http_method; content:"/sp9z9jug"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ufer.shadowtal.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701732/; classtype:trojan-activity;sid:84564832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701731)"; flow:established,from_client; content:"GET"; http_method; content:"/files/814870813/8acq1rp.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701731/; classtype:trojan-activity;sid:84564831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701730)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.127.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701730/; classtype:trojan-activity;sid:84564830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701728)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"24.54.95.49"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701728/; classtype:trojan-activity;sid:84564828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701729)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.54.9.223"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701729/; classtype:trojan-activity;sid:84564829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701727)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.87.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701727/; classtype:trojan-activity;sid:84564827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701726)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.226.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701726/; classtype:trojan-activity;sid:84564826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701725)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.160.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701725/; classtype:trojan-activity;sid:84564825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701724)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.48.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701724/; classtype:trojan-activity;sid:84564824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701723)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.27.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701723/; classtype:trojan-activity;sid:84564823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701722)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.166.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701722/; classtype:trojan-activity;sid:84564822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701721)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.227.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701721/; classtype:trojan-activity;sid:84564821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701720)"; flow:established,from_client; content:"GET"; http_method; content:"/iypwyz0g"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"grat.crimsonwald.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701720/; classtype:trojan-activity;sid:84564820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701719)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.197.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701719/; classtype:trojan-activity;sid:84564819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701718)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.74.38.39"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701718/; classtype:trojan-activity;sid:84564818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701717)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.198.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701717/; classtype:trojan-activity;sid:84564817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701716)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.160.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701716/; classtype:trojan-activity;sid:84564816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701715)"; flow:established,from_client; content:"GET"; http_method; content:"/pp4fjj40"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"eis.crimsonwald.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701715/; classtype:trojan-activity;sid:84564815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701714)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.113.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701714/; classtype:trojan-activity;sid:84564814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701713)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.21.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701713/; classtype:trojan-activity;sid:84564813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701712)"; flow:established,from_client; content:"GET"; http_method; content:"/v89mbh4d"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"stern.quartzhain.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701712/; classtype:trojan-activity;sid:84564812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701711)"; flow:established,from_client; content:"GET"; http_method; content:"/g1bam104"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"eiche.quartzhain.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701711/; classtype:trojan-activity;sid:84564811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701710)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.46.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701710/; classtype:trojan-activity;sid:84564810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701709)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.166.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701709/; classtype:trojan-activity;sid:84564809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701708)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.197.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701708/; classtype:trojan-activity;sid:84564808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701707)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.27.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701707/; classtype:trojan-activity;sid:84564807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701705)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.79.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701705/; classtype:trojan-activity;sid:84564805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701706)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.38.39"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701706/; classtype:trojan-activity;sid:84564806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701704)"; flow:established,from_client; content:"GET"; http_method; content:"/fuck/niggaheeee"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"94.183.233.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701704/; classtype:trojan-activity;sid:84564804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701703)"; flow:established,from_client; content:"GET"; http_method; content:"/yag7fmw3"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"moos.granitebach.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701703/; classtype:trojan-activity;sid:84564803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701702)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.46.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701702/; classtype:trojan-activity;sid:84564802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701701)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6041505593/g67dndl.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701701/; classtype:trojan-activity;sid:84564801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701700)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.193.123.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701700/; classtype:trojan-activity;sid:84564800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701699)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.144.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701699/; classtype:trojan-activity;sid:84564799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701698)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.79.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701698/; classtype:trojan-activity;sid:84564798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701697)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.135.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701697/; classtype:trojan-activity;sid:84564797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701696)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.181.224.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701696/; classtype:trojan-activity;sid:84564796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701695)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.144.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701695/; classtype:trojan-activity;sid:84564795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701694)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.87.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701694/; classtype:trojan-activity;sid:84564794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701693)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.220.88.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701693/; classtype:trojan-activity;sid:84564793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701692)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.193.123.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701692/; classtype:trojan-activity;sid:84564792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701691)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.116.34.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701691/; classtype:trojan-activity;sid:84564791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701690)"; flow:established,from_client; content:"GET"; http_method; content:"/150ga0po"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"wald.copperhang.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701690/; classtype:trojan-activity;sid:84564790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701688)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.245.35.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701688/; classtype:trojan-activity;sid:84564788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701689)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.245.35.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701689/; classtype:trojan-activity;sid:84564789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701687)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.180.55.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701687/; classtype:trojan-activity;sid:84564787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701678)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.74.191.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701678/; classtype:trojan-activity;sid:84564778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701679)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"94.74.191.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701679/; classtype:trojan-activity;sid:84564779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701680)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.74.191.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701680/; classtype:trojan-activity;sid:84564780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701681)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.74.191.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701681/; classtype:trojan-activity;sid:84564781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701682)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.74.191.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701682/; classtype:trojan-activity;sid:84564782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701683)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.74.191.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701683/; classtype:trojan-activity;sid:84564783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701684)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.245.35.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701684/; classtype:trojan-activity;sid:84564784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701685)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.245.35.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701685/; classtype:trojan-activity;sid:84564785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701686)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.245.35.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701686/; classtype:trojan-activity;sid:84564786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701677)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.245.35.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701677/; classtype:trojan-activity;sid:84564777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701676)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.8.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701676/; classtype:trojan-activity;sid:84564776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701675)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.108.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701675/; classtype:trojan-activity;sid:84564775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701674)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.135.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701674/; classtype:trojan-activity;sid:84564774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701673)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.43.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701673/; classtype:trojan-activity;sid:84564773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701672)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.43.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701672/; classtype:trojan-activity;sid:84564772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701671)"; flow:established,from_client; content:"GET"; http_method; content:"/jtbse73f"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"tau.steelpfad.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701671/; classtype:trojan-activity;sid:84564771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701670)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.180.55.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701670/; classtype:trojan-activity;sid:84564770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701669)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.227.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701669/; classtype:trojan-activity;sid:84564769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701668)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.152.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701668/; classtype:trojan-activity;sid:84564768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701667)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.220.88.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701667/; classtype:trojan-activity;sid:84564767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701666)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.129.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701666/; classtype:trojan-activity;sid:84564766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701665)"; flow:established,from_client; content:"GET"; http_method; content:"/files/814870813/i81fwxp.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701665/; classtype:trojan-activity;sid:84564765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701664)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.108.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701664/; classtype:trojan-activity;sid:84564764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701663)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1907797257/6budm0j.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701663/; classtype:trojan-activity;sid:84564763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701662)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"96.245.232.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701662/; classtype:trojan-activity;sid:84564762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701661)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.199.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701661/; classtype:trojan-activity;sid:84564761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701660)"; flow:established,from_client; content:"GET"; http_method; content:"/8jk7wznu"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"gleis.atlasufer.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701660/; classtype:trojan-activity;sid:84564760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701659)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.129.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701659/; classtype:trojan-activity;sid:84564759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701658)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.34.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701658/; classtype:trojan-activity;sid:84564758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701657)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.42.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701657/; classtype:trojan-activity;sid:84564757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701656)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.228.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701656/; classtype:trojan-activity;sid:84564756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701655)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.8.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701655/; classtype:trojan-activity;sid:84564755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701654)"; flow:established,from_client; content:"GET"; http_method; content:"/u2k5ic6a"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"moor.atlasufer.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701654/; classtype:trojan-activity;sid:84564754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701653)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"96.245.232.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701653/; classtype:trojan-activity;sid:84564753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701652)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.199.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701652/; classtype:trojan-activity;sid:84564752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701651)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.148.195.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701651/; classtype:trojan-activity;sid:84564751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701647)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"221.14.182.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701647/; classtype:trojan-activity;sid:84564747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701648)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"207.148.70.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701648/; classtype:trojan-activity;sid:84564748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701649)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"120.76.158.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701649/; classtype:trojan-activity;sid:84564749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701650)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.54.244.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701650/; classtype:trojan-activity;sid:84564750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701646)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.113.133.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701646/; classtype:trojan-activity;sid:84564746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701645)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"27.74.80.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701645/; classtype:trojan-activity;sid:84564745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701644)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"116.105.137.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701644/; classtype:trojan-activity;sid:84564744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701642)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.192.98.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701642/; classtype:trojan-activity;sid:84564742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701643)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.53.28.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701643/; classtype:trojan-activity;sid:84564743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701628)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.157.28.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701628/; classtype:trojan-activity;sid:84564728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701629)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.226.235.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701629/; classtype:trojan-activity;sid:84564729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701630)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.6.64.222"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701630/; classtype:trojan-activity;sid:84564730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701631)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"199.192.215.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701631/; classtype:trojan-activity;sid:84564731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701632)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.246.43.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701632/; classtype:trojan-activity;sid:84564732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701633)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.253.180.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701633/; classtype:trojan-activity;sid:84564733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701634)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.121.142.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701634/; classtype:trojan-activity;sid:84564734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701635)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.135.91.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701635/; classtype:trojan-activity;sid:84564735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.44.110.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701636/; classtype:trojan-activity;sid:84564736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701637)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.50.212.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701637/; classtype:trojan-activity;sid:84564737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701638)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.136.195.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701638/; classtype:trojan-activity;sid:84564738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701639)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.235.191.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701639/; classtype:trojan-activity;sid:84564739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701640)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.160.65.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701640/; classtype:trojan-activity;sid:84564740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701641)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.183.104.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701641/; classtype:trojan-activity;sid:84564741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701626)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.41.157.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701626/; classtype:trojan-activity;sid:84564726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701627)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.216.30.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701627/; classtype:trojan-activity;sid:84564727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701625)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.130.197.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701625/; classtype:trojan-activity;sid:84564725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701624)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.224.154.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701624/; classtype:trojan-activity;sid:84564724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701623)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.50.27.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701623/; classtype:trojan-activity;sid:84564723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701622)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.224.154.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701622/; classtype:trojan-activity;sid:84564722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701621)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.28.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701621/; classtype:trojan-activity;sid:84564721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701620)"; flow:established,from_client; content:"GET"; http_method; content:"/sr7a1ojn"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"birch.orionfeld.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701620/; classtype:trojan-activity;sid:84564720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701619)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.42.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701619/; classtype:trojan-activity;sid:84564719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701617)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.155.146.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701617/; classtype:trojan-activity;sid:84564717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701618)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.228.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701618/; classtype:trojan-activity;sid:84564718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701616)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.127.53.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701616/; classtype:trojan-activity;sid:84564716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701615)"; flow:established,from_client; content:"GET"; http_method; content:"/77frnq0r"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"klee.orionfeld.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701615/; classtype:trojan-activity;sid:84564715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701614)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.78.220.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701614/; classtype:trojan-activity;sid:84564714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701613)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.148.195.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701613/; classtype:trojan-activity;sid:84564713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701611)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.43.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701611/; classtype:trojan-activity;sid:84564711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701612)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.68.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701612/; classtype:trojan-activity;sid:84564712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701610)"; flow:established,from_client; content:"GET"; http_method; content:"/oq3dfpg9"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"wolke.orionfeld.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701610/; classtype:trojan-activity;sid:84564710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701609)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.43.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701609/; classtype:trojan-activity;sid:84564709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701608)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.49.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701608/; classtype:trojan-activity;sid:84564708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701607)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.59.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701607/; classtype:trojan-activity;sid:84564707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701606)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.229.24.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701606/; classtype:trojan-activity;sid:84564706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701605)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.19.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701605/; classtype:trojan-activity;sid:84564705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701604)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.14.239.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701604/; classtype:trojan-activity;sid:84564704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701603)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.184.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701603/; classtype:trojan-activity;sid:84564703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701602)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.127.53.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701602/; classtype:trojan-activity;sid:84564702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701601)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.10.125"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701601/; classtype:trojan-activity;sid:84564701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701600)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.247.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701600/; classtype:trojan-activity;sid:84564700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701599)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.43.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701599/; classtype:trojan-activity;sid:84564699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701597)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.39.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701597/; classtype:trojan-activity;sid:84564697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701598)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.68.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701598/; classtype:trojan-activity;sid:84564698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701596)"; flow:established,from_client; content:"GET"; http_method; content:"/ylwkt6gu"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"fern.br-1-ar-wild.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701596/; classtype:trojan-activity;sid:84564696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701595)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.152.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701595/; classtype:trojan-activity;sid:84564695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701594)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.117.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701594/; classtype:trojan-activity;sid:84564694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701593)"; flow:established,from_client; content:"GET"; http_method; content:"/wyo4hrct"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ax.m0onforger.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701593/; classtype:trojan-activity;sid:84564693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701592)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.14.239.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701592/; classtype:trojan-activity;sid:84564692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701591)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.247.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701591/; classtype:trojan-activity;sid:84564691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701590)"; flow:established,from_client; content:"GET"; http_method; content:"/mdrqetdh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"lbgxn.m0onforger.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701590/; classtype:trojan-activity;sid:84564690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701589)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.184.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701589/; classtype:trojan-activity;sid:84564689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701588)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.79.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701588/; classtype:trojan-activity;sid:84564688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701587)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.188.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701587/; classtype:trojan-activity;sid:84564687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701586)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.39.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701586/; classtype:trojan-activity;sid:84564686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701585)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.246.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701585/; classtype:trojan-activity;sid:84564685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701584)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.247.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701584/; classtype:trojan-activity;sid:84564684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701583)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.12.72"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701583/; classtype:trojan-activity;sid:84564683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701582)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.186.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701582/; classtype:trojan-activity;sid:84564682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701581)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7832120325/upcye86.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701581/; classtype:trojan-activity;sid:84564681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701580)"; flow:established,from_client; content:"GET"; http_method; content:"/sai4qosy"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"hover4.ember-trail.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701580/; classtype:trojan-activity;sid:84564680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701579)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.226.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701579/; classtype:trojan-activity;sid:84564679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701578)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.95.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701578/; classtype:trojan-activity;sid:84564678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701577)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.150.205.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701577/; classtype:trojan-activity;sid:84564677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701576)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7832120325/8qjxnry.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701576/; classtype:trojan-activity;sid:84564676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701575)"; flow:established,from_client; content:"GET"; http_method; content:"/el6c4gib"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"gl.ember-trail.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701575/; classtype:trojan-activity;sid:84564675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701574)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.49.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701574/; classtype:trojan-activity;sid:84564674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701573)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.246.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701573/; classtype:trojan-activity;sid:84564673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701572)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7633139978/zqq8qwm.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701572/; classtype:trojan-activity;sid:84564672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701571)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5953678887/33sqiso.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701571/; classtype:trojan-activity;sid:84564671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701570)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.12.72"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701570/; classtype:trojan-activity;sid:84564670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701569)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.203.154.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701569/; classtype:trojan-activity;sid:84564669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701568)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.42.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701568/; classtype:trojan-activity;sid:84564668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701567)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.127.152.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701567/; classtype:trojan-activity;sid:84564667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701566)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.95.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701566/; classtype:trojan-activity;sid:84564666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701565)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.127.152.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701565/; classtype:trojan-activity;sid:84564665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701564)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.203.154.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701564/; classtype:trojan-activity;sid:84564664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701563)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.42.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701563/; classtype:trojan-activity;sid:84564663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701562)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.11.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701562/; classtype:trojan-activity;sid:84564662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701561)"; flow:established,from_client; content:"GET"; http_method; content:"/rh1dhu5k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"mto.gi-0-wmarsh.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701561/; classtype:trojan-activity;sid:84564661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701560)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.164.198.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701560/; classtype:trojan-activity;sid:84564660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701559)"; flow:established,from_client; content:"GET"; http_method; content:"/s3g96o43"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"6gx.gi-0-wmarsh.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701559/; classtype:trojan-activity;sid:84564659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701558)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.179.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701558/; classtype:trojan-activity;sid:84564658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701557)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.11.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701557/; classtype:trojan-activity;sid:84564657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701556)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.39.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701556/; classtype:trojan-activity;sid:84564656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701555)"; flow:established,from_client; content:"GET"; http_method; content:"/1bmpaqes"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"hfcv.gi-0-wmarsh.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701555/; classtype:trojan-activity;sid:84564655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701554)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.167.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701554/; classtype:trojan-activity;sid:84564654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701553)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.164.198.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701553/; classtype:trojan-activity;sid:84564653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701552)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.197.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701552/; classtype:trojan-activity;sid:84564652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701551)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.167.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701551/; classtype:trojan-activity;sid:84564651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701550)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.39.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701550/; classtype:trojan-activity;sid:84564650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701549)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.21.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701549/; classtype:trojan-activity;sid:84564649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701548)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.5.226.195"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701548/; classtype:trojan-activity;sid:84564648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701547)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.137.246.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701547/; classtype:trojan-activity;sid:84564647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701546)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.197.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701546/; classtype:trojan-activity;sid:84564646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701545)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.172.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701545/; classtype:trojan-activity;sid:84564645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701544)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.155.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701544/; classtype:trojan-activity;sid:84564644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701543)"; flow:established,from_client; content:"GET"; http_method; content:"/b7ybvp9i"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"drift.gi0wmarsh.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701543/; classtype:trojan-activity;sid:84564643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701542)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.226.195"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701542/; classtype:trojan-activity;sid:84564642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701541)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.227.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701541/; classtype:trojan-activity;sid:84564641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701540)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.183.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701540/; classtype:trojan-activity;sid:84564640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701539)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.117.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701539/; classtype:trojan-activity;sid:84564639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701538)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.155.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701538/; classtype:trojan-activity;sid:84564638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701537)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.118.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701537/; classtype:trojan-activity;sid:84564637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701536)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.119.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701536/; classtype:trojan-activity;sid:84564636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701535)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.65.145.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701535/; classtype:trojan-activity;sid:84564635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701534)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.117.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701534/; classtype:trojan-activity;sid:84564634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701532)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.28.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701532/; classtype:trojan-activity;sid:84564632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701533)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.29.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701533/; classtype:trojan-activity;sid:84564633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701531)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.157.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701531/; classtype:trojan-activity;sid:84564631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701530)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.87.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701530/; classtype:trojan-activity;sid:84564630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701529)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.230.164.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701529/; classtype:trojan-activity;sid:84564629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701528)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.244.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701528/; classtype:trojan-activity;sid:84564628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701527)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.84.215.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701527/; classtype:trojan-activity;sid:84564627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701526)"; flow:established,from_client; content:"GET"; http_method; content:"/jxm7ua1p"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"spark.m-0-on-forger.ru"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701526/; classtype:trojan-activity;sid:84564626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701525)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.18.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701525/; classtype:trojan-activity;sid:84564625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701524)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.186.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701524/; classtype:trojan-activity;sid:84564624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701523)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.87.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701523/; classtype:trojan-activity;sid:84564623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701522)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.171.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701522/; classtype:trojan-activity;sid:84564622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701521)"; flow:established,from_client; content:"GET"; http_method; content:"/lol.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"windyy.qzz.io"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701521/; classtype:trojan-activity;sid:84564621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701520)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.84.215.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701520/; classtype:trojan-activity;sid:84564620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701519)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.151.186.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701519/; classtype:trojan-activity;sid:84564619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701518)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.66.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701518/; classtype:trojan-activity;sid:84564618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701517)"; flow:established,from_client; content:"GET"; http_method; content:"/aud40gyy"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"dhy.wind-barrow.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701517/; classtype:trojan-activity;sid:84564617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701516)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"199.38.245.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701516/; classtype:trojan-activity;sid:84564616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701515)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.81.203.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701515/; classtype:trojan-activity;sid:84564615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701514)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.82.128.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701514/; classtype:trojan-activity;sid:84564614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701513)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.83.51.228"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701513/; classtype:trojan-activity;sid:84564613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701512)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.82.128.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701512/; classtype:trojan-activity;sid:84564612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701511)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.83.51.228"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701511/; classtype:trojan-activity;sid:84564611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701510)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"199.38.245.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701510/; classtype:trojan-activity;sid:84564610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701509)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"199.38.245.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701509/; classtype:trojan-activity;sid:84564609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701508)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"199.38.245.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701508/; classtype:trojan-activity;sid:84564608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701506)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.83.118.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701506/; classtype:trojan-activity;sid:84564606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701507)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.83.118.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701507/; classtype:trojan-activity;sid:84564607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701505)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.81.193.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701505/; classtype:trojan-activity;sid:84564605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701504)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.218.212.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701504/; classtype:trojan-activity;sid:84564604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701503)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.218.212.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701503/; classtype:trojan-activity;sid:84564603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701502)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"199.38.245.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701502/; classtype:trojan-activity;sid:84564602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701500)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"14.162.157.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701500/; classtype:trojan-activity;sid:84564600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701501)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"14.162.157.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701501/; classtype:trojan-activity;sid:84564601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701497)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"14.107.43.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701497/; classtype:trojan-activity;sid:84564597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701498)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.80.195.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701498/; classtype:trojan-activity;sid:84564598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701499)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.107.43.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701499/; classtype:trojan-activity;sid:84564599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701496)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.81.193.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701496/; classtype:trojan-activity;sid:84564596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701494)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"191.25.194.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701494/; classtype:trojan-activity;sid:84564594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701495)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"191.25.194.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701495/; classtype:trojan-activity;sid:84564595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701492)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.162.157.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701492/; classtype:trojan-activity;sid:84564592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701493)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"125.80.195.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701493/; classtype:trojan-activity;sid:84564593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701491)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"125.80.195.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701491/; classtype:trojan-activity;sid:84564591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701490)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.83.51.228"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701490/; classtype:trojan-activity;sid:84564590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701488)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.218.212.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701488/; classtype:trojan-activity;sid:84564588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701489)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"14.107.43.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701489/; classtype:trojan-activity;sid:84564589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701485)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.83.51.228"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701485/; classtype:trojan-activity;sid:84564585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701486)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"191.25.194.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701486/; classtype:trojan-activity;sid:84564586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701487)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.83.51.228"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701487/; classtype:trojan-activity;sid:84564587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701484)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"14.107.43.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701484/; classtype:trojan-activity;sid:84564584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701483)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"14.162.157.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701483/; classtype:trojan-activity;sid:84564583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701480)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"125.80.195.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701480/; classtype:trojan-activity;sid:84564580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701481)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.240.237.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701481/; classtype:trojan-activity;sid:84564581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701482)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.240.237.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701482/; classtype:trojan-activity;sid:84564582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701479)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"42.119.176.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701479/; classtype:trojan-activity;sid:84564579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701477)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"1.54.226.228"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701477/; classtype:trojan-activity;sid:84564577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701478)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"1.54.226.228"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701478/; classtype:trojan-activity;sid:84564578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701475)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"191.25.194.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701475/; classtype:trojan-activity;sid:84564575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701476)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"113.218.212.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701476/; classtype:trojan-activity;sid:84564576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701474)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"87.167.253.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701474/; classtype:trojan-activity;sid:84564574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701473)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"14.162.157.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701473/; classtype:trojan-activity;sid:84564573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701470)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.83.51.228"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701470/; classtype:trojan-activity;sid:84564570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701471)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"27.78.220.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701471/; classtype:trojan-activity;sid:84564571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701472)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.240.237.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701472/; classtype:trojan-activity;sid:84564572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701467)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"191.25.194.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701467/; classtype:trojan-activity;sid:84564567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701468)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"125.80.195.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701468/; classtype:trojan-activity;sid:84564568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701469)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.240.237.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701469/; classtype:trojan-activity;sid:84564569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701462)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.240.237.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701462/; classtype:trojan-activity;sid:84564562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701463)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"14.107.43.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701463/; classtype:trojan-activity;sid:84564563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701464)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"191.25.194.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701464/; classtype:trojan-activity;sid:84564564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701465)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.99.15.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701465/; classtype:trojan-activity;sid:84564565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701466)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"125.80.195.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701466/; classtype:trojan-activity;sid:84564566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701461)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.240.237.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701461/; classtype:trojan-activity;sid:84564561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701455)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.107.43.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701455/; classtype:trojan-activity;sid:84564555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701456)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"199.38.245.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701456/; classtype:trojan-activity;sid:84564556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701457)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"199.38.245.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701457/; classtype:trojan-activity;sid:84564557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701458)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"191.25.194.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701458/; classtype:trojan-activity;sid:84564558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701459)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.162.157.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701459/; classtype:trojan-activity;sid:84564559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701460)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"14.162.157.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701460/; classtype:trojan-activity;sid:84564560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701449)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.218.212.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701449/; classtype:trojan-activity;sid:84564549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701450)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.218.212.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701450/; classtype:trojan-activity;sid:84564550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701451)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.240.237.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701451/; classtype:trojan-activity;sid:84564551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701452)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.218.212.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701452/; classtype:trojan-activity;sid:84564552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701453)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"14.107.43.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701453/; classtype:trojan-activity;sid:84564553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701454)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.80.195.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701454/; classtype:trojan-activity;sid:84564554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701448)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.19.164.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701448/; classtype:trojan-activity;sid:84564548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701447)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.86.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701447/; classtype:trojan-activity;sid:84564547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701446)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.30.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701446/; classtype:trojan-activity;sid:84564546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701445)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.66.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701445/; classtype:trojan-activity;sid:84564545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701444)"; flow:established,from_client; content:"GET"; http_method; content:"/wuryoi9f"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"hu.storm-harrow.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701444/; classtype:trojan-activity;sid:84564544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701443)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.171.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701443/; classtype:trojan-activity;sid:84564543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701442)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.7.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701442/; classtype:trojan-activity;sid:84564542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701441)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.86.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701441/; classtype:trojan-activity;sid:84564541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701440)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.214.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701440/; classtype:trojan-activity;sid:84564540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701439)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.159.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701439/; classtype:trojan-activity;sid:84564539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701438)"; flow:established,from_client; content:"GET"; http_method; content:"/o2fiy6dw"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"uirs.br1arwild.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701438/; classtype:trojan-activity;sid:84564538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701437)"; flow:established,from_client; content:"GET"; http_method; content:"/ryh38yv2"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bloom.br1arwild.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701437/; classtype:trojan-activity;sid:84564537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701436)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/lang-data/video.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701436/; classtype:trojan-activity;sid:84564536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701435)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/fonts/video.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701435/; classtype:trojan-activity;sid:84564535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701434)"; flow:established,from_client; content:"GET"; http_method; content:"/2022/12/info.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"60.26.218.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701434/; classtype:trojan-activity;sid:84564534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701433)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/video.scr"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701433/; classtype:trojan-activity;sid:84564533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701432)"; flow:established,from_client; content:"GET"; http_method; content:"/2021/09/info.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"60.26.218.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701432/; classtype:trojan-activity;sid:84564532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701431)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.83.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701431/; classtype:trojan-activity;sid:84564531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701427)"; flow:established,from_client; content:"GET"; http_method; content:"/2020/01/info.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"60.26.218.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701427/; classtype:trojan-activity;sid:84564527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701428)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.252.195.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701428/; classtype:trojan-activity;sid:84564528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701429)"; flow:established,from_client; content:"GET"; http_method; content:"/2020/03/27/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"60.26.218.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701429/; classtype:trojan-activity;sid:84564529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701430)"; flow:established,from_client; content:"GET"; http_method; content:"/eyebeam%201.5/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"60.26.218.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701430/; classtype:trojan-activity;sid:84564530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701424)"; flow:established,from_client; content:"GET"; http_method; content:"/2022/03/info.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"60.26.218.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701424/; classtype:trojan-activity;sid:84564524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701425)"; flow:established,from_client; content:"GET"; http_method; content:"/2021/info.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"60.26.218.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701425/; classtype:trojan-activity;sid:84564525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701426)"; flow:established,from_client; content:"GET"; http_method; content:"/2020/info.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"60.26.218.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701426/; classtype:trojan-activity;sid:84564526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701420)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.252.195.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701420/; classtype:trojan-activity;sid:84564520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701421)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201702/photo.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701421/; classtype:trojan-activity;sid:84564521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701422)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701422/; classtype:trojan-activity;sid:84564522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701423)"; flow:established,from_client; content:"GET"; http_method; content:"/2021/10/28/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"60.26.218.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701423/; classtype:trojan-activity;sid:84564523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701416)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202202/photo.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701416/; classtype:trojan-activity;sid:84564516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701417)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/empseal/video.scr"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701417/; classtype:trojan-activity;sid:84564517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701418)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201511/av.scr"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701418/; classtype:trojan-activity;sid:84564518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701419)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/202102/photo.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701419/; classtype:trojan-activity;sid:84564519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701411)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.252.195.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701411/; classtype:trojan-activity;sid:84564511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701412)"; flow:established,from_client; content:"GET"; http_method; content:"/2021/12/info.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"60.26.218.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701412/; classtype:trojan-activity;sid:84564512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701413)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/msgaddfiles/photo.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701413/; classtype:trojan-activity;sid:84564513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701414)"; flow:established,from_client; content:"GET"; http_method; content:"/2020/07/info.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"60.26.218.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701414/; classtype:trojan-activity;sid:84564514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701415)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201709/photo.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701415/; classtype:trojan-activity;sid:84564515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701407)"; flow:established,from_client; content:"GET"; http_method; content:"/2021/11/13/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"60.26.218.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701407/; classtype:trojan-activity;sid:84564507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701408)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202205/photo.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701408/; classtype:trojan-activity;sid:84564508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701409)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"60.26.218.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701409/; classtype:trojan-activity;sid:84564509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701410)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.252.195.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701410/; classtype:trojan-activity;sid:84564510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701404)"; flow:established,from_client; content:"GET"; http_method; content:"/2020/10/info.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"60.26.218.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701404/; classtype:trojan-activity;sid:84564504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701405)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/202012/photo.scr"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701405/; classtype:trojan-activity;sid:84564505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701406)"; flow:established,from_client; content:"GET"; http_method; content:"/2020/04/29/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"60.26.218.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701406/; classtype:trojan-activity;sid:84564506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701398)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201604/photo.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701398/; classtype:trojan-activity;sid:84564498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701399)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201805/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701399/; classtype:trojan-activity;sid:84564499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701400)"; flow:established,from_client; content:"GET"; http_method; content:"/2021/11/04/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"60.26.218.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701400/; classtype:trojan-activity;sid:84564500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701401)"; flow:established,from_client; content:"GET"; http_method; content:"/2021/10/29/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"60.26.218.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701401/; classtype:trojan-activity;sid:84564501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701402)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/image/video.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701402/; classtype:trojan-activity;sid:84564502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701403)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201710/photo.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701403/; classtype:trojan-activity;sid:84564503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701395)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202505/photo.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701395/; classtype:trojan-activity;sid:84564495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701396)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201605/photo.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701396/; classtype:trojan-activity;sid:84564496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701397)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201603/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701397/; classtype:trojan-activity;sid:84564497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701392)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/lang-data/video.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701392/; classtype:trojan-activity;sid:84564492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701393)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201607/photo.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701393/; classtype:trojan-activity;sid:84564493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701394)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202109/photo.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701394/; classtype:trojan-activity;sid:84564494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701390)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/202008/video.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701390/; classtype:trojan-activity;sid:84564490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701391)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202012/photo.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701391/; classtype:trojan-activity;sid:84564491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701389)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201907/photo.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701389/; classtype:trojan-activity;sid:84564489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701384)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202405/video.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701384/; classtype:trojan-activity;sid:84564484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701385)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202105/photo.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701385/; classtype:trojan-activity;sid:84564485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701386)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201511/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701386/; classtype:trojan-activity;sid:84564486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701387)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202012/photo.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701387/; classtype:trojan-activity;sid:84564487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701388)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.252.195.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701388/; classtype:trojan-activity;sid:84564488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701381)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/saledocu/202105/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701381/; classtype:trojan-activity;sid:84564481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701382)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202203/photo.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701382/; classtype:trojan-activity;sid:84564482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701383)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/sy/photo.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701383/; classtype:trojan-activity;sid:84564483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701377)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201907/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701377/; classtype:trojan-activity;sid:84564477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701378)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/empstamp/video.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701378/; classtype:trojan-activity;sid:84564478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701379)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/emppic/video.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701379/; classtype:trojan-activity;sid:84564479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701380)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.252.195.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701380/; classtype:trojan-activity;sid:84564480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701376)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.81.115.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701376/; classtype:trojan-activity;sid:84564476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701375)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.48.27.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701375/; classtype:trojan-activity;sid:84564475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701374)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.28.204.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701374/; classtype:trojan-activity;sid:84564474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701373)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.207.44.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701373/; classtype:trojan-activity;sid:84564473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701372)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"110.81.115.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701372/; classtype:trojan-activity;sid:84564472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701368)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.48.27.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701368/; classtype:trojan-activity;sid:84564468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701369)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"201.223.241.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701369/; classtype:trojan-activity;sid:84564469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701370)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"110.81.115.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701370/; classtype:trojan-activity;sid:84564470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701371)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"121.207.44.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701371/; classtype:trojan-activity;sid:84564471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701367)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"113.249.12.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701367/; classtype:trojan-activity;sid:84564467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701366)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.223.241.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701366/; classtype:trojan-activity;sid:84564466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701363)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.80.114.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701363/; classtype:trojan-activity;sid:84564463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701364)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"201.223.241.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701364/; classtype:trojan-activity;sid:84564464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701365)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"121.207.44.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701365/; classtype:trojan-activity;sid:84564465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701360)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.84.89.2"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701360/; classtype:trojan-activity;sid:84564460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701361)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.249.12.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701361/; classtype:trojan-activity;sid:84564461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701362)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"110.81.115.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701362/; classtype:trojan-activity;sid:84564462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701358)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.249.12.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701358/; classtype:trojan-activity;sid:84564458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701359)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.48.27.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701359/; classtype:trojan-activity;sid:84564459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701356)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.81.170.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701356/; classtype:trojan-activity;sid:84564456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701357)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"116.48.27.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701357/; classtype:trojan-activity;sid:84564457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701354)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.81.115.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701354/; classtype:trojan-activity;sid:84564454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701351)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"121.207.44.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701351/; classtype:trojan-activity;sid:84564451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701348)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"121.158.4.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701348/; classtype:trojan-activity;sid:84564448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701333)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"201.223.241.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701333/; classtype:trojan-activity;sid:84564433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701332)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"121.207.44.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701332/; classtype:trojan-activity;sid:84564432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701329)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.85.225.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701329/; classtype:trojan-activity;sid:84564429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701330)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"113.249.2.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701330/; classtype:trojan-activity;sid:84564430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701331)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.236.129.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701331/; classtype:trojan-activity;sid:84564431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701328)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.207.44.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701328/; classtype:trojan-activity;sid:84564428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701326)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.48.27.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701326/; classtype:trojan-activity;sid:84564426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701327)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.249.2.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701327/; classtype:trojan-activity;sid:84564427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701325)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"121.207.44.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701325/; classtype:trojan-activity;sid:84564425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701323)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.48.27.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701323/; classtype:trojan-activity;sid:84564423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701324)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.48.27.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701324/; classtype:trojan-activity;sid:84564424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701318)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"201.223.241.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701318/; classtype:trojan-activity;sid:84564418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701319)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"201.223.241.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701319/; classtype:trojan-activity;sid:84564419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701320)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"144.2.111.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701320/; classtype:trojan-activity;sid:84564420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701321)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.223.241.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701321/; classtype:trojan-activity;sid:84564421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701322)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.85.225.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701322/; classtype:trojan-activity;sid:84564422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701316)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"110.81.115.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701316/; classtype:trojan-activity;sid:84564416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701317)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"110.81.115.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701317/; classtype:trojan-activity;sid:84564417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701305)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"84.49.211.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701305/; classtype:trojan-activity;sid:84564405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701304)"; flow:established,from_client; content:"GET"; http_method; content:"/8m0ekmn6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"brook.cinderloom.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701304/; classtype:trojan-activity;sid:84564404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701303)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.59.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701303/; classtype:trojan-activity;sid:84564403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701302)"; flow:established,from_client; content:"GET"; http_method; content:"/cooking.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"uploadsfre.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701302/; classtype:trojan-activity;sid:84564402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701301)"; flow:established,from_client; content:"GET"; http_method; content:"/loaad.msi"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"aplikasiikan.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701301/; classtype:trojan-activity;sid:84564401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701300)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.106.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701300/; classtype:trojan-activity;sid:84564400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701299)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/thanh.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"superfluitymagazine.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701299/; classtype:trojan-activity;sid:84564399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701298)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.152.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701298/; classtype:trojan-activity;sid:84564398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701297)"; flow:established,from_client; content:"GET"; http_method; content:"/uydclexb"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"vale0.cinderloom.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701297/; classtype:trojan-activity;sid:84564397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701296)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.183.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701296/; classtype:trojan-activity;sid:84564396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701294)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.188.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701294/; classtype:trojan-activity;sid:84564394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701295)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.227.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701295/; classtype:trojan-activity;sid:84564395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701293)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.59.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701293/; classtype:trojan-activity;sid:84564393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701292)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.106.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701292/; classtype:trojan-activity;sid:84564392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701291)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.166.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701291/; classtype:trojan-activity;sid:84564391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701290)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.78.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701290/; classtype:trojan-activity;sid:84564390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701289)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.9.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701289/; classtype:trojan-activity;sid:84564389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701288)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.227.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701288/; classtype:trojan-activity;sid:84564388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701287)"; flow:established,from_client; content:"GET"; http_method; content:"/1ew6u01v"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"hover.fr0stciiff.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701287/; classtype:trojan-activity;sid:84564387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701286)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.188.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701286/; classtype:trojan-activity;sid:84564386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701285)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.198.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701285/; classtype:trojan-activity;sid:84564385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701284)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.139.43.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701284/; classtype:trojan-activity;sid:84564384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701283)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.78.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701283/; classtype:trojan-activity;sid:84564383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701282)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.139.236.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701282/; classtype:trojan-activity;sid:84564382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701281)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.217.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701281/; classtype:trojan-activity;sid:84564381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701280)"; flow:established,from_client; content:"GET"; http_method; content:"/uvshi5um"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"uf6qo.fr0stciiff.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701280/; classtype:trojan-activity;sid:84564380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701279)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.199.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701279/; classtype:trojan-activity;sid:84564379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701277)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.131.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701277/; classtype:trojan-activity;sid:84564377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701278)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.116.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701278/; classtype:trojan-activity;sid:84564378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701276)"; flow:established,from_client; content:"GET"; http_method; content:"/k6scvyji"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"pwmt.embertrail.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701276/; classtype:trojan-activity;sid:84564376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701275)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.62.180.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701275/; classtype:trojan-activity;sid:84564375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701274)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.139.43.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701274/; classtype:trojan-activity;sid:84564374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701273)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"151.233.58.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701273/; classtype:trojan-activity;sid:84564373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701272)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.217.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701272/; classtype:trojan-activity;sid:84564372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701270)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.123.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701270/; classtype:trojan-activity;sid:84564370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701271)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.94.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701271/; classtype:trojan-activity;sid:84564371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701269)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.123.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701269/; classtype:trojan-activity;sid:84564369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701268)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.180.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701268/; classtype:trojan-activity;sid:84564368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701267)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.199.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701267/; classtype:trojan-activity;sid:84564367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701266)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.116.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701266/; classtype:trojan-activity;sid:84564366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701264)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.186.205.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701264/; classtype:trojan-activity;sid:84564364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701265)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.120.56.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701265/; classtype:trojan-activity;sid:84564365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701263)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"151.233.58.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701263/; classtype:trojan-activity;sid:84564363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701262)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.186.205.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701262/; classtype:trojan-activity;sid:84564362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701261)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.18.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701261/; classtype:trojan-activity;sid:84564361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701260)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.56.164.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701260/; classtype:trojan-activity;sid:84564360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701259)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.53.72.7"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701259/; classtype:trojan-activity;sid:84564359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701258)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.157.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701258/; classtype:trojan-activity;sid:84564358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701257)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.79.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701257/; classtype:trojan-activity;sid:84564357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701256)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.252.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701256/; classtype:trojan-activity;sid:84564356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701255)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.52.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701255/; classtype:trojan-activity;sid:84564355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701254)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.82.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701254/; classtype:trojan-activity;sid:84564354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701253)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.193.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701253/; classtype:trojan-activity;sid:84564353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701252)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.126.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701252/; classtype:trojan-activity;sid:84564352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701251)"; flow:established,from_client; content:"GET"; http_method; content:"/files/768560194/nguwqee.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701251/; classtype:trojan-activity;sid:84564351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701250)"; flow:established,from_client; content:"GET"; http_method; content:"/pqkl287h"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"60w.lake-spry.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701250/; classtype:trojan-activity;sid:84564350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701249)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.227.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701249/; classtype:trojan-activity;sid:84564349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701248)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.79.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701248/; classtype:trojan-activity;sid:84564348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701247)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.252.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701247/; classtype:trojan-activity;sid:84564347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701246)"; flow:established,from_client; content:"GET"; http_method; content:"/3ezkyfp4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"pigb.lake-spry.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701246/; classtype:trojan-activity;sid:84564346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701245)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.82.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701245/; classtype:trojan-activity;sid:84564345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701244)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.126.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701244/; classtype:trojan-activity;sid:84564344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701243)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.9.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701243/; classtype:trojan-activity;sid:84564343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701242)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.111.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701242/; classtype:trojan-activity;sid:84564342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701241)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.71.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701241/; classtype:trojan-activity;sid:84564341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701240)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.35.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701240/; classtype:trojan-activity;sid:84564340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701239)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.114.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701239/; classtype:trojan-activity;sid:84564339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701238)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.100.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701238/; classtype:trojan-activity;sid:84564338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701237)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.163.138.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701237/; classtype:trojan-activity;sid:84564337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701236)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.23.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701236/; classtype:trojan-activity;sid:84564336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701235)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.71.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701235/; classtype:trojan-activity;sid:84564335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701234)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.100.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701234/; classtype:trojan-activity;sid:84564334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701232)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.100.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701232/; classtype:trojan-activity;sid:84564332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701233)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.52.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701233/; classtype:trojan-activity;sid:84564333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701230)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.93.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701230/; classtype:trojan-activity;sid:84564330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701231)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.23.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701231/; classtype:trojan-activity;sid:84564331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701229)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.205.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701229/; classtype:trojan-activity;sid:84564329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701228)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.20.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701228/; classtype:trojan-activity;sid:84564328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701227)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.87.106"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701227/; classtype:trojan-activity;sid:84564327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701226)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.114.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701226/; classtype:trojan-activity;sid:84564326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701225)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.25.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701225/; classtype:trojan-activity;sid:84564325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701224)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.100.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701224/; classtype:trojan-activity;sid:84564324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701223)"; flow:established,from_client; content:"GET"; http_method; content:"/58uyyubc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"i6gx6.s0ftfern.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701223/; classtype:trojan-activity;sid:84564323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701222)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.182.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701222/; classtype:trojan-activity;sid:84564322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701221)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.87.106"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701221/; classtype:trojan-activity;sid:84564321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701220)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.91.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701220/; classtype:trojan-activity;sid:84564320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701219)"; flow:established,from_client; content:"GET"; http_method; content:"/a7tko7of"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ib.lakespry.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701219/; classtype:trojan-activity;sid:84564319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701218)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.121.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701218/; classtype:trojan-activity;sid:84564318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701217)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.60.210.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701217/; classtype:trojan-activity;sid:84564317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701216)"; flow:established,from_client; content:"GET"; http_method; content:"/uc52p22x"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"r349.lakespry.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701216/; classtype:trojan-activity;sid:84564316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701215)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.228.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701215/; classtype:trojan-activity;sid:84564315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701214)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.223.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701214/; classtype:trojan-activity;sid:84564314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701213)"; flow:established,from_client; content:"GET"; http_method; content:"/ryc5alxm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"gk0.bl1zpond.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701213/; classtype:trojan-activity;sid:84564313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701212)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.109.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701212/; classtype:trojan-activity;sid:84564312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701211)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.201.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701211/; classtype:trojan-activity;sid:84564311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701210)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.228.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701210/; classtype:trojan-activity;sid:84564310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701209)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.202.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701209/; classtype:trojan-activity;sid:84564309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701208)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.32.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701208/; classtype:trojan-activity;sid:84564308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701207)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5917492177/dgghm5b.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701207/; classtype:trojan-activity;sid:84564307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701206)"; flow:established,from_client; content:"GET"; http_method; content:"/windowsformatxxxxxxxxxxxxxxx.hta"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"107.172.132.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701206/; classtype:trojan-activity;sid:84564306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701205)"; flow:established,from_client; content:"GET"; http_method; content:"/apvjcu9pkxwkumvj/d.txt"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"file.garden"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701205/; classtype:trojan-activity;sid:84564305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701204)"; flow:established,from_client; content:"GET"; http_method; content:"/qxgfzd.ps1"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701204/; classtype:trojan-activity;sid:84564304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701203)"; flow:established,from_client; content:"GET"; http_method; content:"/scoto.jpb"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.jozefinskiatelje.si"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701203/; classtype:trojan-activity;sid:84564303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701202)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.7.152.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701202/; classtype:trojan-activity;sid:84564302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701200)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.147.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701200/; classtype:trojan-activity;sid:84564300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701201)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.223.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701201/; classtype:trojan-activity;sid:84564301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701199)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i468"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"196.251.72.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701199/; classtype:trojan-activity;sid:84564299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701197)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.mipsl"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"89.35.130.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701197/; classtype:trojan-activity;sid:84564297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701198)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.x86_64"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"89.35.130.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701198/; classtype:trojan-activity;sid:84564298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701190)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.ppc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"89.35.130.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701190/; classtype:trojan-activity;sid:84564290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701191)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"89.35.130.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701191/; classtype:trojan-activity;sid:84564291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701192)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.x86_32"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"89.35.130.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701192/; classtype:trojan-activity;sid:84564292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701193)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"89.35.130.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701193/; classtype:trojan-activity;sid:84564293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701194)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm6"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"89.35.130.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701194/; classtype:trojan-activity;sid:84564294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701195)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.mips"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"89.35.130.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701195/; classtype:trojan-activity;sid:84564295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701196)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"89.35.130.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701196/; classtype:trojan-activity;sid:84564296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701186)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.m68k"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"89.35.130.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701186/; classtype:trojan-activity;sid:84564286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701187)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.176.94.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701187/; classtype:trojan-activity;sid:84564287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701188)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sparc"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"185.176.94.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701188/; classtype:trojan-activity;sid:84564288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701189)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701189/; classtype:trojan-activity;sid:84564289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701183)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.i686"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701183/; classtype:trojan-activity;sid:84564283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701184)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.i586"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701184/; classtype:trojan-activity;sid:84564284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701185)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jew.arm4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701185/; classtype:trojan-activity;sid:84564285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701182)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.73.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701182/; classtype:trojan-activity;sid:84564282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701181)"; flow:established,from_client; content:"GET"; http_method; content:"/blackshell256/null-amsi/refs/heads/main/null-4msi.ps1"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701181/; classtype:trojan-activity;sid:84564281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701180)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86_64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.176.94.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701180/; classtype:trojan-activity;sid:84564280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701178)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.176.94.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701178/; classtype:trojan-activity;sid:84564278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701179)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.176.94.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701179/; classtype:trojan-activity;sid:84564279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701177)"; flow:established,from_client; content:"GET"; http_method; content:"/file/magis-celular_vlatest_2.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"magistvapk.com.ar"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701177/; classtype:trojan-activity;sid:84564277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701175)"; flow:established,from_client; content:"GET"; http_method; content:"/otthippo1.apk"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"app011.online"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701175/; classtype:trojan-activity;sid:84564275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701176)"; flow:established,from_client; content:"GET"; http_method; content:"/download/direct/2c7dfd63-1301-40d7-ac1d-021e20866e43/zoomworkspaceinstaller.exe"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"store-na-phx-4.gofile.io"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701176/; classtype:trojan-activity;sid:84564276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701174)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/app.apk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"golesya.pro"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701174/; classtype:trojan-activity;sid:84564274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701172)"; flow:established,from_client; content:"GET"; http_method; content:"/apk/gizbocasino.apk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"apkdownload-service.ru"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701172/; classtype:trojan-activity;sid:84564272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701173)"; flow:established,from_client; content:"GET"; http_method; content:"/install/android/ins2/install.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"vibet77.xyz"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701173/; classtype:trojan-activity;sid:84564273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701166)"; flow:established,from_client; content:"GET"; http_method; content:"/rustore.apk|3f|t=1762637072"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"rustore.info"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701166/; classtype:trojan-activity;sid:84564266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701167)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.176.94.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701167/; classtype:trojan-activity;sid:84564267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701168)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.176.94.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701168/; classtype:trojan-activity;sid:84564268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701169)"; flow:established,from_client; content:"GET"; http_method; content:"/iranian.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"vamfa.site"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701169/; classtype:trojan-activity;sid:84564269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701170)"; flow:established,from_client; content:"GET"; http_method; content:"/m/downloads/download.apk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"ldbgaming24.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701170/; classtype:trojan-activity;sid:84564270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701171)"; flow:established,from_client; content:"GET"; http_method; content:"/aplikasi/overplay138.apk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"overplay-138.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701171/; classtype:trojan-activity;sid:84564271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701165)"; flow:established,from_client; content:"GET"; http_method; content:"/br/app/protecao_cartao.apk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"protecaocartao.online"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701165/; classtype:trojan-activity;sid:84564265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701164)"; flow:established,from_client; content:"GET"; http_method; content:"/page/windows/download.php"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"zzoomiinvitee.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701164/; classtype:trojan-activity;sid:84564264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701161)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.176.94.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701161/; classtype:trojan-activity;sid:84564261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701162)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.176.94.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701162/; classtype:trojan-activity;sid:84564262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701163)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.176.94.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701163/; classtype:trojan-activity;sid:84564263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701154)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.176.94.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701154/; classtype:trojan-activity;sid:84564254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701155)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.176.94.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701155/; classtype:trojan-activity;sid:84564255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701156)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i686"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.176.94.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701156/; classtype:trojan-activity;sid:84564256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701157)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.176.94.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701157/; classtype:trojan-activity;sid:84564257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701158)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.176.94.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701158/; classtype:trojan-activity;sid:84564258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701159)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i486"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.176.94.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701159/; classtype:trojan-activity;sid:84564259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701160)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.176.94.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701160/; classtype:trojan-activity;sid:84564260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701153)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.201.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701153/; classtype:trojan-activity;sid:84564253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701151)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.86.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701151/; classtype:trojan-activity;sid:84564251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701152)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.32.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701152/; classtype:trojan-activity;sid:84564252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701150)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"209.207.87.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701150/; classtype:trojan-activity;sid:84564250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701149)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.152.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701149/; classtype:trojan-activity;sid:84564249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701148)"; flow:established,from_client; content:"GET"; http_method; content:"/hg980kvl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"l3.sm0kewood.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701148/; classtype:trojan-activity;sid:84564248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701147)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.139.185.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701147/; classtype:trojan-activity;sid:84564247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701145)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.225.117.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701145/; classtype:trojan-activity;sid:84564245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701146)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.147.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701146/; classtype:trojan-activity;sid:84564246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701144)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.109.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701144/; classtype:trojan-activity;sid:84564244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701143)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.86.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701143/; classtype:trojan-activity;sid:84564243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701142)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.193.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701142/; classtype:trojan-activity;sid:84564242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701141)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.231.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701141/; classtype:trojan-activity;sid:84564241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701140)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.97.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701140/; classtype:trojan-activity;sid:84564240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701139)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.133.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701139/; classtype:trojan-activity;sid:84564239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701138)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.228.144.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701138/; classtype:trojan-activity;sid:84564238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701137)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.220.84.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701137/; classtype:trojan-activity;sid:84564237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701136)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"209.207.87.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701136/; classtype:trojan-activity;sid:84564236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701135)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.231.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701135/; classtype:trojan-activity;sid:84564235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701134)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.73.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701134/; classtype:trojan-activity;sid:84564234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701133)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.247.88.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701133/; classtype:trojan-activity;sid:84564233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701132)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.225.117.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701132/; classtype:trojan-activity;sid:84564232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701131)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.193.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701131/; classtype:trojan-activity;sid:84564231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701130)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.97.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701130/; classtype:trojan-activity;sid:84564230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701128)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.0.46.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701128/; classtype:trojan-activity;sid:84564228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701129)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.232.137.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701129/; classtype:trojan-activity;sid:84564229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701127)"; flow:established,from_client; content:"GET"; http_method; content:"/api/file/1vkdkygc"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"pixeldrain.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701127/; classtype:trojan-activity;sid:84564227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701126)"; flow:established,from_client; content:"GET"; http_method; content:"/files/768560194/o8cgfwc.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701126/; classtype:trojan-activity;sid:84564226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701124)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251106135533.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"hullabusch.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701124/; classtype:trojan-activity;sid:84564224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701125)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251105162951.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"cryyp.42web.io"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701125/; classtype:trojan-activity;sid:84564225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701123)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251107114801.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"ailber.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701123/; classtype:trojan-activity;sid:84564223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701122)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.72.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701122/; classtype:trojan-activity;sid:84564222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701121)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6350135267/ytoejds.bat"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701121/; classtype:trojan-activity;sid:84564221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701120)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"162.255.251.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701120/; classtype:trojan-activity;sid:84564220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701119)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.81.164"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701119/; classtype:trojan-activity;sid:84564219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701118)"; flow:established,from_client; content:"GET"; http_method; content:"/xmllhd19"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"brook.frostfox.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701118/; classtype:trojan-activity;sid:84564218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701117)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.247.88.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701117/; classtype:trojan-activity;sid:84564217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701116)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.148.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701116/; classtype:trojan-activity;sid:84564216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701115)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6075866260/a5lxijs.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701115/; classtype:trojan-activity;sid:84564215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701114)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.193.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701114/; classtype:trojan-activity;sid:84564214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701112)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.164.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701112/; classtype:trojan-activity;sid:84564212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701113)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.79.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701113/; classtype:trojan-activity;sid:84564213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701111)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.232.137.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701111/; classtype:trojan-activity;sid:84564211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701110)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.81.164"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701110/; classtype:trojan-activity;sid:84564210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701109)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"162.255.251.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701109/; classtype:trojan-activity;sid:84564209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701108)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"199.16.59.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701108/; classtype:trojan-activity;sid:84564208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701107)"; flow:established,from_client; content:"GET"; http_method; content:"/z6draprx"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"klee.cometpfad.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701107/; classtype:trojan-activity;sid:84564207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701106)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.69.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701106/; classtype:trojan-activity;sid:84564206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701105)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.36.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701105/; classtype:trojan-activity;sid:84564205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701104)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.193.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701104/; classtype:trojan-activity;sid:84564204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701103)"; flow:established,from_client; content:"GET"; http_method; content:"/bidh1og4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"gleis.cometpfad.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701103/; classtype:trojan-activity;sid:84564203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701102)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.186.196.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701102/; classtype:trojan-activity;sid:84564202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701101)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.247.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701101/; classtype:trojan-activity;sid:84564201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701100)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.58.221.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701100/; classtype:trojan-activity;sid:84564200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701099)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.79.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701099/; classtype:trojan-activity;sid:84564199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701097)"; flow:established,from_client; content:"GET"; http_method; content:"/l1b3korh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"mond.cometpfad.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701097/; classtype:trojan-activity;sid:84564197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701098)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.166.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701098/; classtype:trojan-activity;sid:84564198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701096)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.164.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701096/; classtype:trojan-activity;sid:84564196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701095)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.36.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701095/; classtype:trojan-activity;sid:84564195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701094)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.221.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701094/; classtype:trojan-activity;sid:84564194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701093)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.69.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701093/; classtype:trojan-activity;sid:84564193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701092)"; flow:established,from_client; content:"GET"; http_method; content:"/w75wrhp5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"glut.ravenkamm.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701092/; classtype:trojan-activity;sid:84564192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701091)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.186.196.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701091/; classtype:trojan-activity;sid:84564191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701090)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.mips"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"196.251.72.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701090/; classtype:trojan-activity;sid:84564190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701089)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.mipsl"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"196.251.72.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701089/; classtype:trojan-activity;sid:84564189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701083)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.x86_32"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"196.251.72.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701083/; classtype:trojan-activity;sid:84564183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701084)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"196.251.72.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701084/; classtype:trojan-activity;sid:84564184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701085)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.ppc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"196.251.72.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701085/; classtype:trojan-activity;sid:84564185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701086)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"196.251.72.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701086/; classtype:trojan-activity;sid:84564186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701087)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.m68k"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"196.251.72.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701087/; classtype:trojan-activity;sid:84564187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701088)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm6"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"196.251.72.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701088/; classtype:trojan-activity;sid:84564188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701082)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"196.251.72.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701082/; classtype:trojan-activity;sid:84564182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701081)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.196.29.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701081/; classtype:trojan-activity;sid:84564181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701080)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.166.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701080/; classtype:trojan-activity;sid:84564180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701079)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.36.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701079/; classtype:trojan-activity;sid:84564179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701078)"; flow:established,from_client; content:"GET"; http_method; content:"/75dlur6u"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ufer.ravenkamm.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701078/; classtype:trojan-activity;sid:84564178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701077)"; flow:established,from_client; content:"GET"; http_method; content:"/i1ruwcmj"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"nacht.stormgrat.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701077/; classtype:trojan-activity;sid:84564177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701076)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.171.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701076/; classtype:trojan-activity;sid:84564176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701075)"; flow:established,from_client; content:"GET"; http_method; content:"/eh761mih"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"blatt.stormgrat.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701075/; classtype:trojan-activity;sid:84564175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701073)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.94.31.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701073/; classtype:trojan-activity;sid:84564173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701074)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.210.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701074/; classtype:trojan-activity;sid:84564174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701072)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.178.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701072/; classtype:trojan-activity;sid:84564172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701071)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.129.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701071/; classtype:trojan-activity;sid:84564171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701070)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.29.147.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701070/; classtype:trojan-activity;sid:84564170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701069)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.42.90.89"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701069/; classtype:trojan-activity;sid:84564169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701068)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.94.31.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701068/; classtype:trojan-activity;sid:84564168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701067)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.229.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701067/; classtype:trojan-activity;sid:84564167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701066)"; flow:established,from_client; content:"GET"; http_method; content:"/ivq3a0ts"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"tau.polarhafen.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701066/; classtype:trojan-activity;sid:84564166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701065)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.210.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701065/; classtype:trojan-activity;sid:84564165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701064)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.129.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701064/; classtype:trojan-activity;sid:84564164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701063)"; flow:established,from_client; content:"GET"; http_method; content:"/nuf2gh3y"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"fjord.polarhafen.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701063/; classtype:trojan-activity;sid:84564163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701062)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.116.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701062/; classtype:trojan-activity;sid:84564162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701061)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.34.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701061/; classtype:trojan-activity;sid:84564161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701060)"; flow:established,from_client; content:"GET"; http_method; content:"/wku2fu0o"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"wolfe.pixelbuche.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701060/; classtype:trojan-activity;sid:84564160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701059)"; flow:established,from_client; content:"GET"; http_method; content:"/7i8yknz0"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"birch.pixelbuche.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701059/; classtype:trojan-activity;sid:84564159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701058)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.109.227.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701058/; classtype:trojan-activity;sid:84564158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701057)"; flow:established,from_client; content:"GET"; http_method; content:"/ixhsgyvl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"stern.pixelbuche.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701057/; classtype:trojan-activity;sid:84564157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701056)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.86.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701056/; classtype:trojan-activity;sid:84564156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701055)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.116.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701055/; classtype:trojan-activity;sid:84564155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701054)"; flow:established,from_client; content:"GET"; http_method; content:"/9giyjsoi"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"fauna.driftkrone.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701054/; classtype:trojan-activity;sid:84564154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701053)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.176.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701053/; classtype:trojan-activity;sid:84564153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701052)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.202.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701052/; classtype:trojan-activity;sid:84564152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701051)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.63.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701051/; classtype:trojan-activity;sid:84564151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701050)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.202.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701050/; classtype:trojan-activity;sid:84564150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701049)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.116.149.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701049/; classtype:trojan-activity;sid:84564149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701048)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.227.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701048/; classtype:trojan-activity;sid:84564148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701047)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.242.245.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701047/; classtype:trojan-activity;sid:84564147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701046)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.47.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701046/; classtype:trojan-activity;sid:84564146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701045)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.67.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701045/; classtype:trojan-activity;sid:84564145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701044)"; flow:established,from_client; content:"GET"; http_method; content:"/dsqfte2t"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"gleis.driftkrone.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701044/; classtype:trojan-activity;sid:84564144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701043)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.86.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701043/; classtype:trojan-activity;sid:84564143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701041)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.220.84.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701041/; classtype:trojan-activity;sid:84564141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701042)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.176.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701042/; classtype:trojan-activity;sid:84564142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701040)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.63.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701040/; classtype:trojan-activity;sid:84564140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701039)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.0.46.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701039/; classtype:trojan-activity;sid:84564139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701038)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.116.149.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701038/; classtype:trojan-activity;sid:84564138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701037)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.67.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701037/; classtype:trojan-activity;sid:84564137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701036)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.36.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701036/; classtype:trojan-activity;sid:84564136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701035)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.193.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701035/; classtype:trojan-activity;sid:84564135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701034)"; flow:established,from_client; content:"GET"; http_method; content:"/uzl5ipz7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"moor.frostgipfel.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701034/; classtype:trojan-activity;sid:84564134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701033)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.207.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701033/; classtype:trojan-activity;sid:84564133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701032)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.3.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701032/; classtype:trojan-activity;sid:84564132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701031)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.36.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701031/; classtype:trojan-activity;sid:84564131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701030)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.33.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701030/; classtype:trojan-activity;sid:84564130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701029)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.3.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701029/; classtype:trojan-activity;sid:84564129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701028)"; flow:established,from_client; content:"GET"; http_method; content:"/p9qw0x5g"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"dampf.frostgipfel.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701028/; classtype:trojan-activity;sid:84564128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701027)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.219.60.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701027/; classtype:trojan-activity;sid:84564127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701026)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.207.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701026/; classtype:trojan-activity;sid:84564126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701025)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.5.252"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701025/; classtype:trojan-activity;sid:84564125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701024)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.185.93.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701024/; classtype:trojan-activity;sid:84564124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701023)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.33.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701023/; classtype:trojan-activity;sid:84564123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701022)"; flow:established,from_client; content:"GET"; http_method; content:"/9ld27l71"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ufer.cedarsteg.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701022/; classtype:trojan-activity;sid:84564122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701020)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.44.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701020/; classtype:trojan-activity;sid:84564120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701021)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.129.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701021/; classtype:trojan-activity;sid:84564121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701019)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.185.93.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701019/; classtype:trojan-activity;sid:84564119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701018)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.86.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701018/; classtype:trojan-activity;sid:84564118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701017)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.60.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701017/; classtype:trojan-activity;sid:84564117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701015)"; flow:established,from_client; content:"GET"; http_method; content:"/files/768560194/3h8g2fc.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701015/; classtype:trojan-activity;sid:84564115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701016)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.219.60.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701016/; classtype:trojan-activity;sid:84564116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701014)"; flow:established,from_client; content:"GET"; http_method; content:"/ls0z2cyi"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"nacht.cedarsteg.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701014/; classtype:trojan-activity;sid:84564114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701013)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.131.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701013/; classtype:trojan-activity;sid:84564113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701012)"; flow:established,from_client; content:"GET"; http_method; content:"/ntoh3x4f"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"zorn.brassgipfel.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701012/; classtype:trojan-activity;sid:84564112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701011)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.135.160.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701011/; classtype:trojan-activity;sid:84564111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701010)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.44.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701010/; classtype:trojan-activity;sid:84564110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701009)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.201.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701009/; classtype:trojan-activity;sid:84564109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701008)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.60.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701008/; classtype:trojan-activity;sid:84564108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701007)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.118.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701007/; classtype:trojan-activity;sid:84564107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701006)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.37.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701006/; classtype:trojan-activity;sid:84564106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701005)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.94.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701005/; classtype:trojan-activity;sid:84564105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701004)"; flow:established,from_client; content:"GET"; http_method; content:"/pjvhotrr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"dorn.ironklippe.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701004/; classtype:trojan-activity;sid:84564104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701003)"; flow:established,from_client; content:"GET"; http_method; content:"/7r3un0wn"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"harz.ironklippe.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701003/; classtype:trojan-activity;sid:84564103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701002)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.184.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701002/; classtype:trojan-activity;sid:84564102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701001)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.118.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701001/; classtype:trojan-activity;sid:84564101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701000)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.37.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701000/; classtype:trojan-activity;sid:84564100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700999)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.2.55"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700999/; classtype:trojan-activity;sid:84564099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700998)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.94.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700998/; classtype:trojan-activity;sid:84564098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700997)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.179.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700997/; classtype:trojan-activity;sid:84564097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700996)"; flow:established,from_client; content:"GET"; http_method; content:"/2va3gx3x"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"rauch.swiftgasse.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700996/; classtype:trojan-activity;sid:84564096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700995)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.227.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700995/; classtype:trojan-activity;sid:84564095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700994)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.184.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700994/; classtype:trojan-activity;sid:84564094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700993)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.200.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700993/; classtype:trojan-activity;sid:84564093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700992)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.217.49.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700992/; classtype:trojan-activity;sid:84564092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700991)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.2.55"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700991/; classtype:trojan-activity;sid:84564091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700990)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.236.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700990/; classtype:trojan-activity;sid:84564090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700989)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.117.180.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700989/; classtype:trojan-activity;sid:84564089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700988)"; flow:established,from_client; content:"GET"; http_method; content:"/ctv0wafz"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"fjord.quillwinkel.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700988/; classtype:trojan-activity;sid:84564088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700987)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.236.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700987/; classtype:trojan-activity;sid:84564087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700986)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.116.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700986/; classtype:trojan-activity;sid:84564086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700985)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.116.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700985/; classtype:trojan-activity;sid:84564085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700984)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.157.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700984/; classtype:trojan-activity;sid:84564084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700983)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"196.251.116.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700983/; classtype:trojan-activity;sid:84564083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700981)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"196.251.116.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700981/; classtype:trojan-activity;sid:84564081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700982)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"196.251.116.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700982/; classtype:trojan-activity;sid:84564082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700977)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.116.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700977/; classtype:trojan-activity;sid:84564077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700978)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"196.251.116.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700978/; classtype:trojan-activity;sid:84564078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700979)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"196.251.116.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700979/; classtype:trojan-activity;sid:84564079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700980)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"196.251.116.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700980/; classtype:trojan-activity;sid:84564080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700964)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"150.40.127.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700964/; classtype:trojan-activity;sid:84564064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700965)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"150.40.127.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700965/; classtype:trojan-activity;sid:84564065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700966)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"150.40.127.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700966/; classtype:trojan-activity;sid:84564066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700967)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"150.40.127.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700967/; classtype:trojan-activity;sid:84564067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700968)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"150.40.127.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700968/; classtype:trojan-activity;sid:84564068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700969)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"150.40.127.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700969/; classtype:trojan-activity;sid:84564069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700970)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"150.40.127.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700970/; classtype:trojan-activity;sid:84564070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700971)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"150.40.127.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700971/; classtype:trojan-activity;sid:84564071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700972)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"150.40.127.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700972/; classtype:trojan-activity;sid:84564072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700973)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"150.40.127.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700973/; classtype:trojan-activity;sid:84564073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700974)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.116.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700974/; classtype:trojan-activity;sid:84564074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700975)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.116.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700975/; classtype:trojan-activity;sid:84564075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700976)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.116.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700976/; classtype:trojan-activity;sid:84564076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700963)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.134.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700963/; classtype:trojan-activity;sid:84564063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700962)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.180.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700962/; classtype:trojan-activity;sid:84564062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700961)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.5.252"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700961/; classtype:trojan-activity;sid:84564061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700960)"; flow:established,from_client; content:"GET"; http_method; content:"/k9y33efg"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"t3.sn0wmint.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700960/; classtype:trojan-activity;sid:84564060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700959)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.134.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3700959/; classtype:trojan-activity;sid:84564059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700958)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.37.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700958/; classtype:trojan-activity;sid:84564058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700957)"; flow:established,from_client; content:"GET"; http_method; content:"/4v4c6903"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"2xado.oak-ember.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700957/; classtype:trojan-activity;sid:84564057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700956)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.132.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700956/; classtype:trojan-activity;sid:84564056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700955)"; flow:established,from_client; content:"GET"; http_method; content:"/5vd5vuwc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"qcn6.oak-ember.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700955/; classtype:trojan-activity;sid:84564055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700954)"; flow:established,from_client; content:"GET"; http_method; content:"/kjf947ak"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"eiyxc.fl0wbud.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700954/; classtype:trojan-activity;sid:84564054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700953)"; flow:established,from_client; content:"GET"; http_method; content:"/gw3bo7wz"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"b4.fl0wbud.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700953/; classtype:trojan-activity;sid:84564053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700952)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.227.246.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700952/; classtype:trojan-activity;sid:84564052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700951)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.137.133.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700951/; classtype:trojan-activity;sid:84564051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700950)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.227.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700950/; classtype:trojan-activity;sid:84564050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700949)"; flow:established,from_client; content:"GET"; http_method; content:"/vz9q4kvv"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"2qn80.fl0wbud.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700949/; classtype:trojan-activity;sid:84564049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700948)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.93.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700948/; classtype:trojan-activity;sid:84564048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700947)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.188.69.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700947/; classtype:trojan-activity;sid:84564047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700946)"; flow:established,from_client; content:"GET"; http_method; content:"/q6b9ui76"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"uy4g.fl-0-wbud.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700946/; classtype:trojan-activity;sid:84564046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700945)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.133.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700945/; classtype:trojan-activity;sid:84564045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700944)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.255.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700944/; classtype:trojan-activity;sid:84564044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700943)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.227.246.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700943/; classtype:trojan-activity;sid:84564043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700942)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.148.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700942/; classtype:trojan-activity;sid:84564042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700941)"; flow:established,from_client; content:"GET"; http_method; content:"/5tjtpmpg"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"o6.fl-0-wbud.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700941/; classtype:trojan-activity;sid:84564041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700940)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.209.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700940/; classtype:trojan-activity;sid:84564040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700939)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.188.69.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700939/; classtype:trojan-activity;sid:84564039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700938)"; flow:established,from_client; content:"GET"; http_method; content:"/exjuuxqt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"e4.fog-map.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700938/; classtype:trojan-activity;sid:84564038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700937)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.75.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700937/; classtype:trojan-activity;sid:84564037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700936)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.177.196.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700936/; classtype:trojan-activity;sid:84564036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700935)"; flow:established,from_client; content:"GET"; http_method; content:"/files/comet/random.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700935/; classtype:trojan-activity;sid:84564035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700934)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.85.48.187"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700934/; classtype:trojan-activity;sid:84564034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700933)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.209.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700933/; classtype:trojan-activity;sid:84564033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700932)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.132.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700932/; classtype:trojan-activity;sid:84564032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700931)"; flow:established,from_client; content:"GET"; http_method; content:"/fnlmoeue"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"hd1p.r1mrock.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700931/; classtype:trojan-activity;sid:84564031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700930)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.235.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700930/; classtype:trojan-activity;sid:84564030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700929)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.115.202.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700929/; classtype:trojan-activity;sid:84564029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700928)"; flow:established,from_client; content:"GET"; http_method; content:"/01r26kdp"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"kzw.lakeray.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700928/; classtype:trojan-activity;sid:84564028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700927)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.108.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700927/; classtype:trojan-activity;sid:84564027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700926)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.208.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700926/; classtype:trojan-activity;sid:84564026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700925)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.176.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700925/; classtype:trojan-activity;sid:84564025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700924)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.115.202.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700924/; classtype:trojan-activity;sid:84564024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700923)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.213.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700923/; classtype:trojan-activity;sid:84564023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700922)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.208.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700922/; classtype:trojan-activity;sid:84564022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700921)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.176.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700921/; classtype:trojan-activity;sid:84564021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700920)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6350135267/j3bh2hv.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700920/; classtype:trojan-activity;sid:84564020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700919)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.108.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700919/; classtype:trojan-activity;sid:84564019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700918)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6350135267/ytoejds.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700918/; classtype:trojan-activity;sid:84564018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700917)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.213.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700917/; classtype:trojan-activity;sid:84564017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700916)"; flow:established,from_client; content:"GET"; http_method; content:"/l7m0xdiz"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5jxd.r-1-mrock.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700916/; classtype:trojan-activity;sid:84564016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700915)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.231.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700915/; classtype:trojan-activity;sid:84564015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700914)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.194.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700914/; classtype:trojan-activity;sid:84564014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700913)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.233.9.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700913/; classtype:trojan-activity;sid:84564013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700912)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.231.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700912/; classtype:trojan-activity;sid:84564012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700911)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.202.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700911/; classtype:trojan-activity;sid:84564011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700910)"; flow:established,from_client; content:"GET"; http_method; content:"/c0g49bhk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"0gk.lake-ray.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700910/; classtype:trojan-activity;sid:84564010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700909)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.233.9.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700909/; classtype:trojan-activity;sid:84564009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700908)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.129.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700908/; classtype:trojan-activity;sid:84564008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700907)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7799503374/h3hvwku.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700907/; classtype:trojan-activity;sid:84564007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700906)"; flow:established,from_client; content:"GET"; http_method; content:"/xt76vn5g"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"2luj.pooflare.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700906/; classtype:trojan-activity;sid:84564006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700905)"; flow:established,from_client; content:"GET"; http_method; content:"/wlwldim1"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"39o1.oakember.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700905/; classtype:trojan-activity;sid:84564005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700904)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.194.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700904/; classtype:trojan-activity;sid:84564004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700903)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.65.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700903/; classtype:trojan-activity;sid:84564003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700902)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"104.193.63.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700902/; classtype:trojan-activity;sid:84564002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700901)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.81.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700901/; classtype:trojan-activity;sid:84564001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700900)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.90.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700900/; classtype:trojan-activity;sid:84564000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700899)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.156.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700899/; classtype:trojan-activity;sid:84563999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700898)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.201.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700898/; classtype:trojan-activity;sid:84563998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700897)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.28.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700897/; classtype:trojan-activity;sid:84563997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700896)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"104.193.63.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700896/; classtype:trojan-activity;sid:84563996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700895)"; flow:established,from_client; content:"GET"; http_method; content:"/jrbk9k82"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"k0w2j.skyaxe.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700895/; classtype:trojan-activity;sid:84563995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700893)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.90.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700893/; classtype:trojan-activity;sid:84563993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700894)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.81.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700894/; classtype:trojan-activity;sid:84563994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700892)"; flow:established,from_client; content:"GET"; http_method; content:"/pjiqc9ia"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"x2r.icetap.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700892/; classtype:trojan-activity;sid:84563992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700891)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.18.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700891/; classtype:trojan-activity;sid:84563991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700890)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.201.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700890/; classtype:trojan-activity;sid:84563990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700889)"; flow:established,from_client; content:"GET"; http_method; content:"/q4v04wja"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"jbp.icetap.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700889/; classtype:trojan-activity;sid:84563989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700888)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.201.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700888/; classtype:trojan-activity;sid:84563988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700887)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.183.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700887/; classtype:trojan-activity;sid:84563987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700886)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.159.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700886/; classtype:trojan-activity;sid:84563986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700885)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.217.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700885/; classtype:trojan-activity;sid:84563985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700884)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.28.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700884/; classtype:trojan-activity;sid:84563984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700883)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.90.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700883/; classtype:trojan-activity;sid:84563983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700882)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.201.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700882/; classtype:trojan-activity;sid:84563982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700881)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.247.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700881/; classtype:trojan-activity;sid:84563981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700880)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.163.136.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700880/; classtype:trojan-activity;sid:84563980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700879)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.217.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700879/; classtype:trojan-activity;sid:84563979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700878)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.241.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700878/; classtype:trojan-activity;sid:84563978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700877)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.126.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700877/; classtype:trojan-activity;sid:84563977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700876)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.18.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700876/; classtype:trojan-activity;sid:84563976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700875)"; flow:established,from_client; content:"GET"; http_method; content:"/4uxocmjz"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"14ba.fogmap.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700875/; classtype:trojan-activity;sid:84563975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700874)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.163.136.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700874/; classtype:trojan-activity;sid:84563974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700873)"; flow:established,from_client; content:"GET"; http_method; content:"/7pys78hd"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"eu5.fogmap.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700873/; classtype:trojan-activity;sid:84563973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700872)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.65.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700872/; classtype:trojan-activity;sid:84563972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700871)"; flow:established,from_client; content:"GET"; http_method; content:"/yrwskq96"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"mr5.fogmap.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700871/; classtype:trojan-activity;sid:84563971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700870)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"2.57.19.62"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700870/; classtype:trojan-activity;sid:84563970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700869)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"2.57.19.62"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700869/; classtype:trojan-activity;sid:84563969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700868)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"2.57.19.62"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700868/; classtype:trojan-activity;sid:84563968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700867)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"2.57.19.62"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700867/; classtype:trojan-activity;sid:84563967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700861)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"2.57.19.62"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700861/; classtype:trojan-activity;sid:84563961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700862)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"2.57.19.62"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700862/; classtype:trojan-activity;sid:84563962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700863)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"2.57.19.62"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700863/; classtype:trojan-activity;sid:84563963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700864)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"2.57.19.62"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700864/; classtype:trojan-activity;sid:84563964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700865)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"2.57.19.62"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700865/; classtype:trojan-activity;sid:84563965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700866)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"2.57.19.62"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700866/; classtype:trojan-activity;sid:84563966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700860)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.224.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700860/; classtype:trojan-activity;sid:84563960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700859)"; flow:established,from_client; content:"GET"; http_method; content:"/qfb1wsf/1/2/3/tyma.wsf"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"scratch-orbit-method-unlikely.trycloudflare.com"; http_host; depth:47; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700859/; classtype:trojan-activity;sid:84563959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700857)"; flow:established,from_client; content:"GET"; http_method; content:"/qfb2wsf/4/5/6/kola.wsf"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"scratch-orbit-method-unlikely.trycloudflare.com"; http_host; depth:47; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700857/; classtype:trojan-activity;sid:84563957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700858)"; flow:established,from_client; content:"GET"; http_method; content:"/wya/r537js829031.pdf.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"scratch-orbit-method-unlikely.trycloudflare.com"; http_host; depth:47; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700858/; classtype:trojan-activity;sid:84563958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700855)"; flow:established,from_client; content:"GET"; http_method; content:"/qfb3wsf/7/8/9/uju.wsf"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"scratch-orbit-method-unlikely.trycloudflare.com"; http_host; depth:47; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700855/; classtype:trojan-activity;sid:84563955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700856)"; flow:established,from_client; content:"GET"; http_method; content:"/qfb1wsf/tyma.wsf"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"scratch-orbit-method-unlikely.trycloudflare.com"; http_host; depth:47; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700856/; classtype:trojan-activity;sid:84563956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700853)"; flow:established,from_client; content:"GET"; http_method; content:"/rup/re-5704937421.pdf.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"scratch-orbit-method-unlikely.trycloudflare.com"; http_host; depth:47; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700853/; classtype:trojan-activity;sid:84563953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700854)"; flow:established,from_client; content:"GET"; http_method; content:"/w1pp/r503749j637r01.pdf.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"scratch-orbit-method-unlikely.trycloudflare.com"; http_host; depth:47; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700854/; classtype:trojan-activity;sid:84563954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700852)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.91.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700852/; classtype:trojan-activity;sid:84563952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700850)"; flow:established,from_client; content:"GET"; http_method; content:"/wya/r537js829031.pdf.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.219.239.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700850/; classtype:trojan-activity;sid:84563950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700851)"; flow:established,from_client; content:"GET"; http_method; content:"/rup/re-5704937421.pdf.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.219.239.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700851/; classtype:trojan-activity;sid:84563951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700849)"; flow:established,from_client; content:"GET"; http_method; content:"/0ct27zip/oct27starqq.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.219.239.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700849/; classtype:trojan-activity;sid:84563949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700848)"; flow:established,from_client; content:"GET"; http_method; content:"/0ct27zip/oct27mainrq.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.219.239.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700848/; classtype:trojan-activity;sid:84563948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700847)"; flow:established,from_client; content:"GET"; http_method; content:"/7jeff/yjeff.wsf"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"arrived-answers-restoration-screenshots.trycloudflare.com"; http_host; depth:57; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700847/; classtype:trojan-activity;sid:84563947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700846)"; flow:established,from_client; content:"GET"; http_method; content:"/yolo.wsf"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"tamku.shop"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700846/; classtype:trojan-activity;sid:84563946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700843)"; flow:established,from_client; content:"GET"; http_method; content:"/0ct27zip/sep01x86_ayoo.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"tamku.shop"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700843/; classtype:trojan-activity;sid:84563943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700844)"; flow:established,from_client; content:"GET"; http_method; content:"/0ct27zip/oct27mainrq.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"tamku.shop"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700844/; classtype:trojan-activity;sid:84563944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700845)"; flow:established,from_client; content:"GET"; http_method; content:"/qfb2wsf/4/5/6/kola.wsf"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.219.239.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700845/; classtype:trojan-activity;sid:84563945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700835)"; flow:established,from_client; content:"GET"; http_method; content:"/0ct27bat/yerk.bat"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"91.219.239.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700835/; classtype:trojan-activity;sid:84563935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700836)"; flow:established,from_client; content:"GET"; http_method; content:"/0ct27bat/rut.bat"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"91.219.239.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700836/; classtype:trojan-activity;sid:84563936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700837)"; flow:established,from_client; content:"GET"; http_method; content:"/qfb127wsf/7jeff/yjeff.wsf"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"tamku.shop"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700837/; classtype:trojan-activity;sid:84563937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700838)"; flow:established,from_client; content:"GET"; http_method; content:"/qfb1wsf/tyma.wsf"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"91.219.239.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700838/; classtype:trojan-activity;sid:84563938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700839)"; flow:established,from_client; content:"GET"; http_method; content:"/qfb1wsf/1/2/3/tyma.wsf"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.219.239.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700839/; classtype:trojan-activity;sid:84563939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700840)"; flow:established,from_client; content:"GET"; http_method; content:"/0ct27zip/sep01x86_ayoo.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"91.219.239.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700840/; classtype:trojan-activity;sid:84563940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700841)"; flow:established,from_client; content:"GET"; http_method; content:"/replytowsf/bank/benk.wsf"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"tamku.shop"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700841/; classtype:trojan-activity;sid:84563941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700842)"; flow:established,from_client; content:"GET"; http_method; content:"/0ct27zip/oct27starqq.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"tamku.shop"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700842/; classtype:trojan-activity;sid:84563942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700834)"; flow:established,from_client; content:"GET"; http_method; content:"/0ct27zip/oct27sfsa.bat"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"tamku.shop"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700834/; classtype:trojan-activity;sid:84563934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700829)"; flow:established,from_client; content:"GET"; http_method; content:"/qfb3wsf/7/8/9/uju.wsf"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"91.219.239.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700829/; classtype:trojan-activity;sid:84563929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700830)"; flow:established,from_client; content:"GET"; http_method; content:"/0ct27bat/yerk.bat"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"tamku.shop"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700830/; classtype:trojan-activity;sid:84563930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700831)"; flow:established,from_client; content:"GET"; http_method; content:"/0ct27bat/jeff.bat"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"tamku.shop"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700831/; classtype:trojan-activity;sid:84563931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700832)"; flow:established,from_client; content:"GET"; http_method; content:"/0ct27bat/rut.bat"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"tamku.shop"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700832/; classtype:trojan-activity;sid:84563932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700833)"; flow:established,from_client; content:"GET"; http_method; content:"/0ct27bat/pool.bat"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"91.219.239.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700833/; classtype:trojan-activity;sid:84563933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700828)"; flow:established,from_client; content:"GET"; http_method; content:"/0ct27bat/kgb.bat"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"tamku.shop"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700828/; classtype:trojan-activity;sid:84563928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700816)"; flow:established,from_client; content:"GET"; http_method; content:"/qfb127wsf/7jeff/yjeff.wsf"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"91.219.239.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700816/; classtype:trojan-activity;sid:84563916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700817)"; flow:established,from_client; content:"GET"; http_method; content:"/w1pp/r503749j637r01.pdf.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"91.219.239.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700817/; classtype:trojan-activity;sid:84563917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700818)"; flow:established,from_client; content:"GET"; http_method; content:"/qy.wsh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.219.239.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700818/; classtype:trojan-activity;sid:84563918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700819)"; flow:established,from_client; content:"GET"; http_method; content:"/qfb227wsf/pyank/pyan.wsf"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.219.239.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700819/; classtype:trojan-activity;sid:84563919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700820)"; flow:established,from_client; content:"GET"; http_method; content:"/replytowsf/bank/benk.wsf"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91.219.239.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700820/; classtype:trojan-activity;sid:84563920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700821)"; flow:established,from_client; content:"GET"; http_method; content:"/sep01lnk/re-t509320913.pdf.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"91.219.239.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700821/; classtype:trojan-activity;sid:84563921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700822)"; flow:established,from_client; content:"GET"; http_method; content:"/qy.wsh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"tamku.shop"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700822/; classtype:trojan-activity;sid:84563922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700823)"; flow:established,from_client; content:"GET"; http_method; content:"/sep01lnk/re-t509320913.pdf.lnk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"tamku.shop"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700823/; classtype:trojan-activity;sid:84563923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700824)"; flow:established,from_client; content:"GET"; http_method; content:"/qfb227wsf/pyank/pyan.wsf"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"tamku.shop"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700824/; classtype:trojan-activity;sid:84563924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700825)"; flow:established,from_client; content:"GET"; http_method; content:"/0ct27bat/kgb.bat"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"91.219.239.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700825/; classtype:trojan-activity;sid:84563925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700826)"; flow:established,from_client; content:"GET"; http_method; content:"/0ct27bat/fbi.bat"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"91.219.239.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700826/; classtype:trojan-activity;sid:84563926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700827)"; flow:established,from_client; content:"GET"; http_method; content:"/0ct27bat/fbi.bat"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"tamku.shop"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700827/; classtype:trojan-activity;sid:84563927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700814)"; flow:established,from_client; content:"GET"; http_method; content:"/bro.bat"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"91.219.239.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700814/; classtype:trojan-activity;sid:84563914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700815)"; flow:established,from_client; content:"GET"; http_method; content:"/0ct27bat/pool.bat"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"tamku.shop"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700815/; classtype:trojan-activity;sid:84563915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700812)"; flow:established,from_client; content:"GET"; http_method; content:"/bro.bat"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"tamku.shop"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700812/; classtype:trojan-activity;sid:84563912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700813)"; flow:established,from_client; content:"GET"; http_method; content:"/rent.bat"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"tamku.shop"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700813/; classtype:trojan-activity;sid:84563913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700809)"; flow:established,from_client; content:"GET"; http_method; content:"/0ct27zip/oct27sfsa.bat"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.219.239.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700809/; classtype:trojan-activity;sid:84563909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700810)"; flow:established,from_client; content:"GET"; http_method; content:"/yolo.wsf"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91.219.239.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700810/; classtype:trojan-activity;sid:84563910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700811)"; flow:established,from_client; content:"GET"; http_method; content:"/0ct27bat/jeff.bat"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"91.219.239.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700811/; classtype:trojan-activity;sid:84563911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700808)"; flow:established,from_client; content:"GET"; http_method; content:"/rent.bat"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91.219.239.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700808/; classtype:trojan-activity;sid:84563908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700807)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.241.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700807/; classtype:trojan-activity;sid:84563907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700805)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"botevecc.boteve.cc"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700805/; classtype:trojan-activity;sid:84563905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700806)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"botevecc.boteve.cc"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700806/; classtype:trojan-activity;sid:84563906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700803)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"botevecc.boteve.cc"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700803/; classtype:trojan-activity;sid:84563903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700804)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"botevecc.boteve.cc"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700804/; classtype:trojan-activity;sid:84563904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700802)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"botevecc.boteve.cc"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700802/; classtype:trojan-activity;sid:84563902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700801)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"botevecc.boteve.cc"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700801/; classtype:trojan-activity;sid:84563901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700798)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"botevecc.boteve.cc"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700798/; classtype:trojan-activity;sid:84563898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700799)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"botevecc.boteve.cc"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700799/; classtype:trojan-activity;sid:84563899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700800)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"botevecc.boteve.cc"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700800/; classtype:trojan-activity;sid:84563900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700792)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"botevecc.boteve.cc"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700792/; classtype:trojan-activity;sid:84563892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700793)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"botevecc.boteve.cc"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700793/; classtype:trojan-activity;sid:84563893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700794)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"botevecc.boteve.cc"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700794/; classtype:trojan-activity;sid:84563894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700795)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"botevecc.boteve.cc"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700795/; classtype:trojan-activity;sid:84563895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700796)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"botevecc.boteve.cc"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700796/; classtype:trojan-activity;sid:84563896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700797)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"botevecc.boteve.cc"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700797/; classtype:trojan-activity;sid:84563897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700787)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jew.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"kidsrun.vrace.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700787/; classtype:trojan-activity;sid:84563887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700788)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jew.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"kidsrun.vrace.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700788/; classtype:trojan-activity;sid:84563888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700784)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jew.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700784/; classtype:trojan-activity;sid:84563884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700785)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jew.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700785/; classtype:trojan-activity;sid:84563885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700786)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jew.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700786/; classtype:trojan-activity;sid:84563886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700783)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jew.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"kidsrun.vrace.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700783/; classtype:trojan-activity;sid:84563883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700782)"; flow:established,from_client; content:"GET"; http_method; content:"/jewn.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"kidsrun.vrace.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700782/; classtype:trojan-activity;sid:84563882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700776)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jew.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"kidsrun.vrace.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700776/; classtype:trojan-activity;sid:84563876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700777)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jew.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"kidsrun.vrace.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700777/; classtype:trojan-activity;sid:84563877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700778)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jew.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"kidsrun.vrace.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700778/; classtype:trojan-activity;sid:84563878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700779)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jew.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"kidsrun.vrace.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700779/; classtype:trojan-activity;sid:84563879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700780)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jew.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"kidsrun.vrace.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700780/; classtype:trojan-activity;sid:84563880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700781)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jew.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"kidsrun.vrace.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700781/; classtype:trojan-activity;sid:84563881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700774)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jew.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"kidsrun.vrace.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700774/; classtype:trojan-activity;sid:84563874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700775)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jew.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"kidsrun.vrace.vn"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700775/; classtype:trojan-activity;sid:84563875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700769)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jew.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700769/; classtype:trojan-activity;sid:84563869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700770)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jew.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700770/; classtype:trojan-activity;sid:84563870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700771)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jew.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700771/; classtype:trojan-activity;sid:84563871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700772)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jew.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700772/; classtype:trojan-activity;sid:84563872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700773)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jew.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700773/; classtype:trojan-activity;sid:84563873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700765)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jew.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700765/; classtype:trojan-activity;sid:84563865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700766)"; flow:established,from_client; content:"GET"; http_method; content:"/jewn.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700766/; classtype:trojan-activity;sid:84563866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700767)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jew.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700767/; classtype:trojan-activity;sid:84563867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700768)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jew.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700768/; classtype:trojan-activity;sid:84563868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700764)"; flow:established,from_client; content:"GET"; http_method; content:"/jdi35t.ps1"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700764/; classtype:trojan-activity;sid:84563864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700763)"; flow:established,from_client; content:"GET"; http_method; content:"/qz2smw.ps1"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700763/; classtype:trojan-activity;sid:84563863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700762)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.2.188"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700762/; classtype:trojan-activity;sid:84563862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700761)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251106152534.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sxcvxzxcvcxzz.lovestoblog.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700761/; classtype:trojan-activity;sid:84563861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700760)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251106152523.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sxcvxzxcvcxzz.lovestoblog.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700760/; classtype:trojan-activity;sid:84563860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700758)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.230.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700758/; classtype:trojan-activity;sid:84563858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700759)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.192.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700759/; classtype:trojan-activity;sid:84563859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700757)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251106103452.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sxcvxzxcvcxzz.lovestoblog.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700757/; classtype:trojan-activity;sid:84563857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700756)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251106103521.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sxcvxzxcvcxzz.lovestoblog.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700756/; classtype:trojan-activity;sid:84563856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700755)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.163.13.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700755/; classtype:trojan-activity;sid:84563855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.52.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700754/; classtype:trojan-activity;sid:84563854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700753)"; flow:established,from_client; content:"GET"; http_method; content:"/udonthani.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pub-37f3a615586d47f4996e932bf6df7670.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700753/; classtype:trojan-activity;sid:84563853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700752)"; flow:established,from_client; content:"GET"; http_method; content:"/nueva%20carpeta/vmdocumentos.txt"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"sitioseguroswpersonasapp.duckdns.org"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700752/; classtype:trojan-activity;sid:84563852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700751)"; flow:established,from_client; content:"GET"; http_method; content:"/download/optimized_msi_20251104/optimized_msi.png"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"archive.org"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700751/; classtype:trojan-activity;sid:84563851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700750)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.91.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700750/; classtype:trojan-activity;sid:84563850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700749)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.133.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700749/; classtype:trojan-activity;sid:84563849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700748)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251105145424.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"freshonline.lovestoblog.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700748/; classtype:trojan-activity;sid:84563848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700747)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251106224933.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"freshonline.lovestoblog.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700747/; classtype:trojan-activity;sid:84563847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700746)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251105145406.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"freshonline.lovestoblog.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700746/; classtype:trojan-activity;sid:84563846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700745)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251106180453.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"tupuu.42web.io"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700745/; classtype:trojan-activity;sid:84563845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700741)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251107065510.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"freshonline.lovestoblog.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700741/; classtype:trojan-activity;sid:84563841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700742)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251106180510.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"tupuu.42web.io"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700742/; classtype:trojan-activity;sid:84563842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700743)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251107065502.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"freshonline.lovestoblog.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700743/; classtype:trojan-activity;sid:84563843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700744)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251107180528.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"freshonline.lovestoblog.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700744/; classtype:trojan-activity;sid:84563844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700740)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251104154848.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"freshonline.lovestoblog.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700740/; classtype:trojan-activity;sid:84563840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700739)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.43.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700739/; classtype:trojan-activity;sid:84563839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700738)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.116.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700738/; classtype:trojan-activity;sid:84563838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700737)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.238.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700737/; classtype:trojan-activity;sid:84563837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700736)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.230.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700736/; classtype:trojan-activity;sid:84563836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700735)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.152.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700735/; classtype:trojan-activity;sid:84563835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700734)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.133.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700734/; classtype:trojan-activity;sid:84563834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700733)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.237.4.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700733/; classtype:trojan-activity;sid:84563833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700732)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.169.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700732/; classtype:trojan-activity;sid:84563832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700731)"; flow:established,from_client; content:"GET"; http_method; content:"/qq1lot0r"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"0okm8.dew-root.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700731/; classtype:trojan-activity;sid:84563831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700730)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.238.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700730/; classtype:trojan-activity;sid:84563830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700729)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.45.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700729/; classtype:trojan-activity;sid:84563829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700728)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.206.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700728/; classtype:trojan-activity;sid:84563828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700727)"; flow:established,from_client; content:"GET"; http_method; content:"/62bl8dlz"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"h5.dew-root.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700727/; classtype:trojan-activity;sid:84563827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700726)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.49.65.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700726/; classtype:trojan-activity;sid:84563826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700725)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.241.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700725/; classtype:trojan-activity;sid:84563825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700724)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.116.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700724/; classtype:trojan-activity;sid:84563824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700723)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.60.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700723/; classtype:trojan-activity;sid:84563823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700722)"; flow:established,from_client; content:"GET"; http_method; content:"/8b7puyo3"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"8vpz.r0ckveil.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700722/; classtype:trojan-activity;sid:84563822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700721)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"5.255.115.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700721/; classtype:trojan-activity;sid:84563821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700720)"; flow:established,from_client; content:"GET"; http_method; content:"/aplikasi/overplay138.apk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"overplay-138.store"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700720/; classtype:trojan-activity;sid:84563820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700719)"; flow:established,from_client; content:"GET"; http_method; content:"/sho.apk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"shotv.app"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700719/; classtype:trojan-activity;sid:84563819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700718)"; flow:established,from_client; content:"GET"; http_method; content:"/urbanroute.apk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"urbanroute.life"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700718/; classtype:trojan-activity;sid:84563818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700716)"; flow:established,from_client; content:"GET"; http_method; content:"/tiktok18.apk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"tiktokporn.sbs"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700716/; classtype:trojan-activity;sid:84563816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700717)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/uploads/install.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"walletlist.pro"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700717/; classtype:trojan-activity;sid:84563817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700714)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.armv5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"69.5.189.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700714/; classtype:trojan-activity;sid:84563814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700715)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.x86_64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"69.5.189.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700715/; classtype:trojan-activity;sid:84563815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700710)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.60.12"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700710/; classtype:trojan-activity;sid:84563810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700711)"; flow:established,from_client; content:"GET"; http_method; content:"/tlauncher-installer-1.9.4.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"t-launcher.site"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700711/; classtype:trojan-activity;sid:84563811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700712)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.152.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700712/; classtype:trojan-activity;sid:84563812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700713)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.armv6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"69.5.189.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700713/; classtype:trojan-activity;sid:84563813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700699)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/n/server_encrypted.ps1"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"tvfutcariri.com.br"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700699/; classtype:trojan-activity;sid:84563799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700700)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.armv7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"69.5.189.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700700/; classtype:trojan-activity;sid:84563800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700701)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.mipsel"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"69.5.189.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700701/; classtype:trojan-activity;sid:84563801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700702)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/photo.lnk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700702/; classtype:trojan-activity;sid:84563802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700703)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.aarch64"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"69.5.189.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700703/; classtype:trojan-activity;sid:84563803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700704)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"5.255.115.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700704/; classtype:trojan-activity;sid:84563804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700705)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.49.65.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700705/; classtype:trojan-activity;sid:84563805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700706)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"69.5.189.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700706/; classtype:trojan-activity;sid:84563806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700707)"; flow:established,from_client; content:"GET"; http_method; content:"/upfile/file/cxm_direct_mt5_terminal.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"xaucxm.vip"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700707/; classtype:trojan-activity;sid:84563807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700708)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"69.5.189.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700708/; classtype:trojan-activity;sid:84563808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700709)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/app.apk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"golesya.site"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700709/; classtype:trojan-activity;sid:84563809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700698)"; flow:established,from_client; content:"GET"; http_method; content:"/tiktok18.apk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"tikistok-goolge.sbs"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700698/; classtype:trojan-activity;sid:84563798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700696)"; flow:established,from_client; content:"GET"; http_method; content:"/gorabet.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"goramobil.app"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700696/; classtype:trojan-activity;sid:84563796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700697)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"191.242.42.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700697/; classtype:trojan-activity;sid:84563797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700694)"; flow:established,from_client; content:"GET"; http_method; content:"/.smips"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.213.193.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700694/; classtype:trojan-activity;sid:84563794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700695)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/schwabsafe.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"94.103.2.92"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700695/; classtype:trojan-activity;sid:84563795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700687)"; flow:established,from_client; content:"GET"; http_method; content:"/f.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"5.255.115.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700687/; classtype:trojan-activity;sid:84563787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700688)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"5.255.115.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700688/; classtype:trojan-activity;sid:84563788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700689)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"5.255.115.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700689/; classtype:trojan-activity;sid:84563789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700690)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"5.255.115.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700690/; classtype:trojan-activity;sid:84563790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700691)"; flow:established,from_client; content:"GET"; http_method; content:"/wlan.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"5.255.115.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700691/; classtype:trojan-activity;sid:84563791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700692)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"5.255.115.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700692/; classtype:trojan-activity;sid:84563792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700693)"; flow:established,from_client; content:"GET"; http_method; content:"/sea.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.255.115.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700693/; classtype:trojan-activity;sid:84563793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700686)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/av.scr"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700686/; classtype:trojan-activity;sid:84563786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700684)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700684/; classtype:trojan-activity;sid:84563784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700685)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700685/; classtype:trojan-activity;sid:84563785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700683)"; flow:established,from_client; content:"GET"; http_method; content:"/images/av.scr"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700683/; classtype:trojan-activity;sid:84563783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700682)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/fonts/photo.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700682/; classtype:trojan-activity;sid:84563782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700680)"; flow:established,from_client; content:"GET"; http_method; content:"/modules/av.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700680/; classtype:trojan-activity;sid:84563780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700681)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/forge/av.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700681/; classtype:trojan-activity;sid:84563781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700679)"; flow:established,from_client; content:"GET"; http_method; content:"/images/video.scr"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700679/; classtype:trojan-activity;sid:84563779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700678)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/lang-data/photo.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700678/; classtype:trojan-activity;sid:84563778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700677)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700677/; classtype:trojan-activity;sid:84563777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700676)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/photo.scr"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700676/; classtype:trojan-activity;sid:84563776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700675)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/av.scr"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700675/; classtype:trojan-activity;sid:84563775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700674)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/video.scr"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700674/; classtype:trojan-activity;sid:84563774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700673)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/lang-data/av.scr"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700673/; classtype:trojan-activity;sid:84563773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700672)"; flow:established,from_client; content:"GET"; http_method; content:"/images/photo.scr"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700672/; classtype:trojan-activity;sid:84563772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700671)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/fonts/av.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700671/; classtype:trojan-activity;sid:84563771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700670)"; flow:established,from_client; content:"GET"; http_method; content:"/modules/video.scr"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700670/; classtype:trojan-activity;sid:84563770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700669)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/forge/video.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700669/; classtype:trojan-activity;sid:84563769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700668)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/photo.scr"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700668/; classtype:trojan-activity;sid:84563768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700667)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/forge/photo.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700667/; classtype:trojan-activity;sid:84563767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700666)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.71.91.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700666/; classtype:trojan-activity;sid:84563766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700665)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/forge/video.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700665/; classtype:trojan-activity;sid:84563765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700663)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"139.196.111.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700663/; classtype:trojan-activity;sid:84563763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700664)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"156.238.233.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700664/; classtype:trojan-activity;sid:84563764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700662)"; flow:established,from_client; content:"GET"; http_method; content:"/modules/photo.lnk"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700662/; classtype:trojan-activity;sid:84563762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700660)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700660/; classtype:trojan-activity;sid:84563760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700661)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/av.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700661/; classtype:trojan-activity;sid:84563761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700658)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/video.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700658/; classtype:trojan-activity;sid:84563758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700659)"; flow:established,from_client; content:"GET"; http_method; content:"/rondo.wcr.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"74.194.191.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700659/; classtype:trojan-activity;sid:84563759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700655)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.137.147.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700655/; classtype:trojan-activity;sid:84563755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700656)"; flow:established,from_client; content:"GET"; http_method; content:"/modules/video.lnk"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700656/; classtype:trojan-activity;sid:84563756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700657)"; flow:established,from_client; content:"GET"; http_method; content:"/modules/photo.scr"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700657/; classtype:trojan-activity;sid:84563757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700650)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700650/; classtype:trojan-activity;sid:84563750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700651)"; flow:established,from_client; content:"GET"; http_method; content:"/images/av.lnk"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700651/; classtype:trojan-activity;sid:84563751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700652)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/fonts/video.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700652/; classtype:trojan-activity;sid:84563752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700653)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/fonts/photo.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700653/; classtype:trojan-activity;sid:84563753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700654)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/fonts/av.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700654/; classtype:trojan-activity;sid:84563754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700647)"; flow:established,from_client; content:"GET"; http_method; content:"/modules/av.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700647/; classtype:trojan-activity;sid:84563747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700648)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/forge/av.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700648/; classtype:trojan-activity;sid:84563748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700649)"; flow:established,from_client; content:"GET"; http_method; content:"/rondo.qzj.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"74.194.191.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700649/; classtype:trojan-activity;sid:84563749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700643)"; flow:established,from_client; content:"GET"; http_method; content:"/rondo.wwc.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"74.194.191.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700643/; classtype:trojan-activity;sid:84563743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700644)"; flow:established,from_client; content:"GET"; http_method; content:"/rondo.qbq.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"74.194.191.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700644/; classtype:trojan-activity;sid:84563744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700645)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"68.221.248.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700645/; classtype:trojan-activity;sid:84563745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700646)"; flow:established,from_client; content:"GET"; http_method; content:"/rondo.sdu.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"74.194.191.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700646/; classtype:trojan-activity;sid:84563746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700632)"; flow:established,from_client; content:"GET"; http_method; content:"/images/video.lnk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700632/; classtype:trojan-activity;sid:84563732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700633)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700633/; classtype:trojan-activity;sid:84563733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700634)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/video.lnk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700634/; classtype:trojan-activity;sid:84563734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700635)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/lang-data/photo.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700635/; classtype:trojan-activity;sid:84563735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700636)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/forge/photo.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700636/; classtype:trojan-activity;sid:84563736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700637)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/av.lnk"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700637/; classtype:trojan-activity;sid:84563737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700638)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"113.45.205.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700638/; classtype:trojan-activity;sid:84563738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700639)"; flow:established,from_client; content:"GET"; http_method; content:"/images/photo.lnk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700639/; classtype:trojan-activity;sid:84563739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700640)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"134.209.96.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700640/; classtype:trojan-activity;sid:84563740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700641)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/photo.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700641/; classtype:trojan-activity;sid:84563741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700642)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/lang-data/av.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"182.143.114.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700642/; classtype:trojan-activity;sid:84563742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700629)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"5.255.115.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700629/; classtype:trojan-activity;sid:84563729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700630)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"5.255.115.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700630/; classtype:trojan-activity;sid:84563730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700631)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"5.255.115.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700631/; classtype:trojan-activity;sid:84563731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700626)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.93.93.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700626/; classtype:trojan-activity;sid:84563726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700627)"; flow:established,from_client; content:"GET"; http_method; content:"/rondo.fzr.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"74.194.191.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700627/; classtype:trojan-activity;sid:84563727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700628)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.176.94.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700628/; classtype:trojan-activity;sid:84563728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700625)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.93.39.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700625/; classtype:trojan-activity;sid:84563725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700623)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.115.249.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700623/; classtype:trojan-activity;sid:84563723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700624)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.151.72.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700624/; classtype:trojan-activity;sid:84563724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700622)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.32.24.60"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700622/; classtype:trojan-activity;sid:84563722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700621)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.216.5.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700621/; classtype:trojan-activity;sid:84563721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700619)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.80.141.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700619/; classtype:trojan-activity;sid:84563719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700620)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.224.137.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700620/; classtype:trojan-activity;sid:84563720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700618)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.176.172.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700618/; classtype:trojan-activity;sid:84563718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700615)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.216.5.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700615/; classtype:trojan-activity;sid:84563715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700616)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"183.191.215.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700616/; classtype:trojan-activity;sid:84563716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700617)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"97.131.113.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700617/; classtype:trojan-activity;sid:84563717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700614)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"77.189.143.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700614/; classtype:trojan-activity;sid:84563714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700613)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.158.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700613/; classtype:trojan-activity;sid:84563713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700612)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.60.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700612/; classtype:trojan-activity;sid:84563712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700611)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7453936223/lj5iwxn.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700611/; classtype:trojan-activity;sid:84563711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700610)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.57.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700610/; classtype:trojan-activity;sid:84563710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700609)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.162.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700609/; classtype:trojan-activity;sid:84563709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700608)"; flow:established,from_client; content:"GET"; http_method; content:"/kz03z1hz"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"f4vc.clearfog.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700608/; classtype:trojan-activity;sid:84563708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700607)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.169.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700607/; classtype:trojan-activity;sid:84563707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700606)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.162.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700606/; classtype:trojan-activity;sid:84563706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700605)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.44.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700605/; classtype:trojan-activity;sid:84563705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700604)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.204.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700604/; classtype:trojan-activity;sid:84563704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700603)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.238.194.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700603/; classtype:trojan-activity;sid:84563703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700602)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.158.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700602/; classtype:trojan-activity;sid:84563702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700601)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.151.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700601/; classtype:trojan-activity;sid:84563701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700600)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.57.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700600/; classtype:trojan-activity;sid:84563700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700599)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.159.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700599/; classtype:trojan-activity;sid:84563699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700598)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.79.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700598/; classtype:trojan-activity;sid:84563698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700597)"; flow:established,from_client; content:"GET"; http_method; content:"/hni5tbx|3f|id=hkm5pszdho"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"standard-analytics-endpoint-54.s3.ca-central-1.amazonaws.com"; http_host; depth:60; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700597/; classtype:trojan-activity;sid:84563697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700596)"; flow:established,from_client; content:"GET"; http_method; content:"/hni5tbx|3f|id=4uzigzgg"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"standard-analytics-endpoint-54.s3.ca-central-1.amazonaws.com"; http_host; depth:60; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700596/; classtype:trojan-activity;sid:84563696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700594)"; flow:established,from_client; content:"GET"; http_method; content:"/xss/buf.js"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"solomand.pro"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700594/; classtype:trojan-activity;sid:84563694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700595)"; flow:established,from_client; content:"GET"; http_method; content:"/xss/buf.js"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"pixelnoased.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700595/; classtype:trojan-activity;sid:84563695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700593)"; flow:established,from_client; content:"GET"; http_method; content:"/hni5tbx|3f|id=i5wjkzx7u"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"standard-analytics-endpoint-54.s3.ca-central-1.amazonaws.com"; http_host; depth:60; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700593/; classtype:trojan-activity;sid:84563693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700592)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.200.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700592/; classtype:trojan-activity;sid:84563692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700591)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6577350923/8nv50bm.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700591/; classtype:trojan-activity;sid:84563691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700590)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.211.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700590/; classtype:trojan-activity;sid:84563690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700589)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.200.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700589/; classtype:trojan-activity;sid:84563689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700588)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.79.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700588/; classtype:trojan-activity;sid:84563688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700587)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.118.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700587/; classtype:trojan-activity;sid:84563687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700586)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.246.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700586/; classtype:trojan-activity;sid:84563686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700585)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.28.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700585/; classtype:trojan-activity;sid:84563685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700584)"; flow:established,from_client; content:"GET"; http_method; content:"/du1seym1"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"n5.1ronpath.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700584/; classtype:trojan-activity;sid:84563684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700583)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.242.245.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700583/; classtype:trojan-activity;sid:84563683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700582)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.251.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700582/; classtype:trojan-activity;sid:84563682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700581)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.229.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700581/; classtype:trojan-activity;sid:84563681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700580)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.176.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700580/; classtype:trojan-activity;sid:84563680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700579)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.246.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700579/; classtype:trojan-activity;sid:84563679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700578)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.28.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700578/; classtype:trojan-activity;sid:84563678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700577)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.176.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700577/; classtype:trojan-activity;sid:84563677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700576)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.229.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700576/; classtype:trojan-activity;sid:84563676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700575)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.251.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700575/; classtype:trojan-activity;sid:84563675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700574)"; flow:established,from_client; content:"GET"; http_method; content:"/7or8n8t0"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5rq9.t1nystar.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700574/; classtype:trojan-activity;sid:84563674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700573)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.85.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700573/; classtype:trojan-activity;sid:84563673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700572)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.126.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700572/; classtype:trojan-activity;sid:84563672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700571)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.58.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700571/; classtype:trojan-activity;sid:84563671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700570)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.108.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700570/; classtype:trojan-activity;sid:84563670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700569)"; flow:established,from_client; content:"GET"; http_method; content:"/p83cvjut"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"mw9k.t1nystar.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700569/; classtype:trojan-activity;sid:84563669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700568)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.36.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700568/; classtype:trojan-activity;sid:84563668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700567)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7909777397/6ybfpn1.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700567/; classtype:trojan-activity;sid:84563667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700566)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.174.102.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700566/; classtype:trojan-activity;sid:84563666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700565)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.95.200"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700565/; classtype:trojan-activity;sid:84563665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700564)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.164.77.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700564/; classtype:trojan-activity;sid:84563664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700563)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.54.30.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700563/; classtype:trojan-activity;sid:84563663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700562)"; flow:established,from_client; content:"GET"; http_method; content:"/files/768560194/nu5o3wv.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700562/; classtype:trojan-activity;sid:84563662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700561)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.207.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700561/; classtype:trojan-activity;sid:84563661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700560)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.59.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700560/; classtype:trojan-activity;sid:84563660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700559)"; flow:established,from_client; content:"GET"; http_method; content:"/9i6v82ne"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"it.g0ldnest.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700559/; classtype:trojan-activity;sid:84563659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700558)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.150.3.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700558/; classtype:trojan-activity;sid:84563658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700557)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.95.200"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700557/; classtype:trojan-activity;sid:84563657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700556)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.190.1.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700556/; classtype:trojan-activity;sid:84563656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700555)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.131.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700555/; classtype:trojan-activity;sid:84563655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700554)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.164.77.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700554/; classtype:trojan-activity;sid:84563654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700553)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700553/; classtype:trojan-activity;sid:84563653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700552)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.13.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700552/; classtype:trojan-activity;sid:84563652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700551)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.206.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700551/; classtype:trojan-activity;sid:84563651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700549)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.207.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700549/; classtype:trojan-activity;sid:84563649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700550)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.59.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700550/; classtype:trojan-activity;sid:84563650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700548)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.54.30.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700548/; classtype:trojan-activity;sid:84563648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700547)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.133.217.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700547/; classtype:trojan-activity;sid:84563647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700546)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.124.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700546/; classtype:trojan-activity;sid:84563646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700545)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.131.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700545/; classtype:trojan-activity;sid:84563645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700544)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.73.205.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700544/; classtype:trojan-activity;sid:84563644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700543)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.207.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700543/; classtype:trojan-activity;sid:84563643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700542)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.150.3.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700542/; classtype:trojan-activity;sid:84563642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700541)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700541/; classtype:trojan-activity;sid:84563641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700540)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.206.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700540/; classtype:trojan-activity;sid:84563640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700539)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6633137979/47vkxlw.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700539/; classtype:trojan-activity;sid:84563639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700538)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.145.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700538/; classtype:trojan-activity;sid:84563638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700537)"; flow:established,from_client; content:"GET"; http_method; content:"/updater.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"188.137.247.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700537/; classtype:trojan-activity;sid:84563637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700536)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.124.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700536/; classtype:trojan-activity;sid:84563636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700535)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.115.116.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700535/; classtype:trojan-activity;sid:84563635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700534)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.190.1.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700534/; classtype:trojan-activity;sid:84563634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700533)"; flow:established,from_client; content:"GET"; http_method; content:"/files/768560194/prwiq2g.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700533/; classtype:trojan-activity;sid:84563633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700532)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.133.217.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700532/; classtype:trojan-activity;sid:84563632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700531)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"89.44.87.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700531/; classtype:trojan-activity;sid:84563631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700530)"; flow:established,from_client; content:"GET"; http_method; content:"/http.server/tmp4.elf"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"176.122.27.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700530/; classtype:trojan-activity;sid:84563630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700528)"; flow:established,from_client; content:"GET"; http_method; content:"/http.server/temp.elf"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"176.122.27.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700528/; classtype:trojan-activity;sid:84563628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700529)"; flow:established,from_client; content:"GET"; http_method; content:"/http.server/elf.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"176.122.27.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700529/; classtype:trojan-activity;sid:84563629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700520)"; flow:established,from_client; content:"GET"; http_method; content:"/http.server/tmp5.elf"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"176.122.27.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700520/; classtype:trojan-activity;sid:84563620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700521)"; flow:established,from_client; content:"GET"; http_method; content:"/http.server/tmp.elf"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"176.122.27.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700521/; classtype:trojan-activity;sid:84563621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700522)"; flow:established,from_client; content:"GET"; http_method; content:"/http.server/sys.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"176.122.27.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700522/; classtype:trojan-activity;sid:84563622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700523)"; flow:established,from_client; content:"GET"; http_method; content:"/http.server/tmp1.elf"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"176.122.27.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700523/; classtype:trojan-activity;sid:84563623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700524)"; flow:established,from_client; content:"GET"; http_method; content:"/http.server/reverse.elf"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"176.122.27.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700524/; classtype:trojan-activity;sid:84563624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700525)"; flow:established,from_client; content:"GET"; http_method; content:"/http.server/sup.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"176.122.27.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700525/; classtype:trojan-activity;sid:84563625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700526)"; flow:established,from_client; content:"GET"; http_method; content:"/http.server/tmp.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"176.122.27.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700526/; classtype:trojan-activity;sid:84563626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700527)"; flow:established,from_client; content:"GET"; http_method; content:"/123.bin"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.122.27.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700527/; classtype:trojan-activity;sid:84563627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700519)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.145.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700519/; classtype:trojan-activity;sid:84563619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700518)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"75.180.21.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700518/; classtype:trojan-activity;sid:84563618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700517)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.71.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700517/; classtype:trojan-activity;sid:84563617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700516)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.112.186.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700516/; classtype:trojan-activity;sid:84563616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700515)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.121.222.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700515/; classtype:trojan-activity;sid:84563615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700513)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.120.1.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700513/; classtype:trojan-activity;sid:84563613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700514)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"8.217.162.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700514/; classtype:trojan-activity;sid:84563614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700512)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbins/kowai.arm5"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.137.70.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700512/; classtype:trojan-activity;sid:84563612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700507)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbins/kowai.sh4"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"45.137.70.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700507/; classtype:trojan-activity;sid:84563607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700508)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbins/kowai.x86"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"45.137.70.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700508/; classtype:trojan-activity;sid:84563608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700509)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.arm6"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.137.70.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700509/; classtype:trojan-activity;sid:84563609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700510)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.arm7"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.137.70.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700510/; classtype:trojan-activity;sid:84563610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700511)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.arm"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.137.70.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700511/; classtype:trojan-activity;sid:84563611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700499)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbins/kowai.arm"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"45.137.70.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700499/; classtype:trojan-activity;sid:84563599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700500)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.spc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.137.70.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700500/; classtype:trojan-activity;sid:84563600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700501)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbins/kowai.arm7"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.137.70.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700501/; classtype:trojan-activity;sid:84563601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700502)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbins/kowai.ppc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"45.137.70.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700502/; classtype:trojan-activity;sid:84563602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700503)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.arc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.137.70.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700503/; classtype:trojan-activity;sid:84563603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700504)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.mpsl"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.137.70.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700504/; classtype:trojan-activity;sid:84563604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700505)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.m68k"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.137.70.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700505/; classtype:trojan-activity;sid:84563605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700506)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbins/kowai.mips"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.137.70.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700506/; classtype:trojan-activity;sid:84563606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700490)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.arm5"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.137.70.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700490/; classtype:trojan-activity;sid:84563590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700491)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbins/kowai.mpsl"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.137.70.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700491/; classtype:trojan-activity;sid:84563591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700492)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.x86"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.137.70.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700492/; classtype:trojan-activity;sid:84563592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700493)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbins/kowai.m68k"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.137.70.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700493/; classtype:trojan-activity;sid:84563593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700494)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbins/kowai.arm6"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.137.70.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700494/; classtype:trojan-activity;sid:84563594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700495)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.sh4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.137.70.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700495/; classtype:trojan-activity;sid:84563595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700496)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.mips"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.137.70.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700496/; classtype:trojan-activity;sid:84563596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700497)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.ppc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.137.70.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700497/; classtype:trojan-activity;sid:84563597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700498)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.x86_64"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.137.70.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700498/; classtype:trojan-activity;sid:84563598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700487)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i468"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"178.16.54.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700487/; classtype:trojan-activity;sid:84563587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700488)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86_64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"178.16.54.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700488/; classtype:trojan-activity;sid:84563588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700489)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i686"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"178.16.54.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700489/; classtype:trojan-activity;sid:84563589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700481)"; flow:established,from_client; content:"GET"; http_method; content:"/0x83911d24fx.sh"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.137.70.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700481/; classtype:trojan-activity;sid:84563581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700482)"; flow:established,from_client; content:"GET"; http_method; content:"/8usa.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.137.70.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700482/; classtype:trojan-activity;sid:84563582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700483)"; flow:established,from_client; content:"GET"; http_method; content:"/bash"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.27.2.229"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700483/; classtype:trojan-activity;sid:84563583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700484)"; flow:established,from_client; content:"GET"; http_method; content:"/ntpd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.27.2.229"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700484/; classtype:trojan-activity;sid:84563584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700485)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.16.54.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700485/; classtype:trojan-activity;sid:84563585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700486)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.144.174.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700486/; classtype:trojan-activity;sid:84563586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700480)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.14.92.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700480/; classtype:trojan-activity;sid:84563580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700479)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.27.2.229"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700479/; classtype:trojan-activity;sid:84563579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700476)"; flow:established,from_client; content:"GET"; http_method; content:"/t/aarch64"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.144.174.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700476/; classtype:trojan-activity;sid:84563576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700477)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.73.205.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700477/; classtype:trojan-activity;sid:84563577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700478)"; flow:established,from_client; content:"GET"; http_method; content:"/ftp"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"82.27.2.229"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700478/; classtype:trojan-activity;sid:84563578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700461)"; flow:established,from_client; content:"GET"; http_method; content:"/pftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.27.2.229"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700461/; classtype:trojan-activity;sid:84563561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700462)"; flow:established,from_client; content:"GET"; http_method; content:"/apache2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"82.27.2.229"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700462/; classtype:trojan-activity;sid:84563562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700463)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.27.2.229"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700463/; classtype:trojan-activity;sid:84563563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700464)"; flow:established,from_client; content:"GET"; http_method; content:"/cron"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.27.2.229"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700464/; classtype:trojan-activity;sid:84563564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700465)"; flow:established,from_client; content:"GET"; http_method; content:"/openssh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"82.27.2.229"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700465/; classtype:trojan-activity;sid:84563565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700466)"; flow:established,from_client; content:"GET"; http_method; content:"/wget"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.27.2.229"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700466/; classtype:trojan-activity;sid:84563566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700467)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"82.27.2.229"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700467/; classtype:trojan-activity;sid:84563567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700468)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"151.243.109.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700468/; classtype:trojan-activity;sid:84563568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700469)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"151.243.109.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700469/; classtype:trojan-activity;sid:84563569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700470)"; flow:established,from_client; content:"GET"; http_method; content:"/bash"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.137.70.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700470/; classtype:trojan-activity;sid:84563570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700471)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"156.231.113.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700471/; classtype:trojan-activity;sid:84563571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700472)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"160.30.136.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700472/; classtype:trojan-activity;sid:84563572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700473)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.30.136.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700473/; classtype:trojan-activity;sid:84563573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700474)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"156.231.113.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700474/; classtype:trojan-activity;sid:84563574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700475)"; flow:established,from_client; content:"GET"; http_method; content:"/apache2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.137.70.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700475/; classtype:trojan-activity;sid:84563575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700460)"; flow:established,from_client; content:"GET"; http_method; content:"/esvam3fp"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"k9jc.n-0-rthw-1-nd.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700460/; classtype:trojan-activity;sid:84563560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700459)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.78.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700459/; classtype:trojan-activity;sid:84563559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700458)"; flow:established,from_client; content:"GET"; http_method; content:"/pq7jcqwv"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"fnw9.n-0-rthw-1-nd.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700458/; classtype:trojan-activity;sid:84563558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700457)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.23.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700457/; classtype:trojan-activity;sid:84563557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700456)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.45.179.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700456/; classtype:trojan-activity;sid:84563556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700455)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.17.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700455/; classtype:trojan-activity;sid:84563555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700454)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.180.10.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700454/; classtype:trojan-activity;sid:84563554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700453)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.17.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700453/; classtype:trojan-activity;sid:84563553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700452)"; flow:established,from_client; content:"GET"; http_method; content:"/33qv6qdj"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bynbv.ic0n1ctrove.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700452/; classtype:trojan-activity;sid:84563552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700451)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.227.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700451/; classtype:trojan-activity;sid:84563551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700450)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.174.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700450/; classtype:trojan-activity;sid:84563550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700449)"; flow:established,from_client; content:"GET"; http_method; content:"/mg7o3bz3"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"42s.starforged.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700449/; classtype:trojan-activity;sid:84563549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700448)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.45.179.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700448/; classtype:trojan-activity;sid:84563548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700447)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.10.125"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700447/; classtype:trojan-activity;sid:84563547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700446)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.17.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700446/; classtype:trojan-activity;sid:84563546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700444)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.17.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700444/; classtype:trojan-activity;sid:84563544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700445)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.71.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700445/; classtype:trojan-activity;sid:84563545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700443)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.127.68.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700443/; classtype:trojan-activity;sid:84563543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700442)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.151.72.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700442/; classtype:trojan-activity;sid:84563542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700441)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.127.68.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700441/; classtype:trojan-activity;sid:84563541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700440)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.65.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700440/; classtype:trojan-activity;sid:84563540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700439)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.174.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700439/; classtype:trojan-activity;sid:84563539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700438)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.53.35.61"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700438/; classtype:trojan-activity;sid:84563538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700437)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.105.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700437/; classtype:trojan-activity;sid:84563537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700436)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.13.240.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700436/; classtype:trojan-activity;sid:84563536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700435)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.125.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700435/; classtype:trojan-activity;sid:84563535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700434)"; flow:established,from_client; content:"GET"; http_method; content:"/0d862pbe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"2hk8u.drift-shad-0-w.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700434/; classtype:trojan-activity;sid:84563534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700433)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.180.10.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700433/; classtype:trojan-activity;sid:84563533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700432)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5917492177/zdrzm0e.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700432/; classtype:trojan-activity;sid:84563532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700431)"; flow:established,from_client; content:"GET"; http_method; content:"/4kqz5miy"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"9zpya.drift-shad-0-w.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700431/; classtype:trojan-activity;sid:84563531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700430)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.53.35.61"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700430/; classtype:trojan-activity;sid:84563530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700429)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.13.240.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700429/; classtype:trojan-activity;sid:84563529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700428)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.175.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700428/; classtype:trojan-activity;sid:84563528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700427)"; flow:established,from_client; content:"GET"; http_method; content:"/6dqv4zu1"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"lasxz.drift-shad-0-w.ru"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700427/; classtype:trojan-activity;sid:84563527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700426)"; flow:established,from_client; content:"GET"; http_method; content:"/l514lq6n"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"te.ember-harbor.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700426/; classtype:trojan-activity;sid:84563526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700422)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"213.209.143.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700422/; classtype:trojan-activity;sid:84563522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700423)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.209.143.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700423/; classtype:trojan-activity;sid:84563523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700424)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.209.143.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700424/; classtype:trojan-activity;sid:84563524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700425)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.209.143.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700425/; classtype:trojan-activity;sid:84563525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700421)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"196.251.72.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700421/; classtype:trojan-activity;sid:84563521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700408)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"213.209.143.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700408/; classtype:trojan-activity;sid:84563508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700409)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"213.209.143.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700409/; classtype:trojan-activity;sid:84563509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700410)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.209.143.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700410/; classtype:trojan-activity;sid:84563510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700411)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"213.209.143.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700411/; classtype:trojan-activity;sid:84563511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700412)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.209.143.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700412/; classtype:trojan-activity;sid:84563512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700413)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"213.209.143.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700413/; classtype:trojan-activity;sid:84563513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700414)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"213.209.143.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700414/; classtype:trojan-activity;sid:84563514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700415)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.ppc"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"150.40.127.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700415/; classtype:trojan-activity;sid:84563515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700416)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.spc"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"150.40.127.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700416/; classtype:trojan-activity;sid:84563516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700417)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.i686"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"150.40.127.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700417/; classtype:trojan-activity;sid:84563517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700418)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm5"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"150.40.127.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700418/; classtype:trojan-activity;sid:84563518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700419)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.mips"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"150.40.127.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700419/; classtype:trojan-activity;sid:84563519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700420)"; flow:established,from_client; content:"GET"; http_method; content:"/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.x86"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"150.40.127.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700420/; classtype:trojan-activity;sid:84563520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700407)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.133.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700407/; classtype:trojan-activity;sid:84563507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700406)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.109.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700406/; classtype:trojan-activity;sid:84563506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700405)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.203.124.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700405/; classtype:trojan-activity;sid:84563505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700404)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.232.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700404/; classtype:trojan-activity;sid:84563504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700403)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.186.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700403/; classtype:trojan-activity;sid:84563503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700402)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.203.124.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700402/; classtype:trojan-activity;sid:84563502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700401)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.115.238.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700401/; classtype:trojan-activity;sid:84563501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700400)"; flow:established,from_client; content:"GET"; http_method; content:"/s7yltlsr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cqf47.horizonbloom.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700400/; classtype:trojan-activity;sid:84563500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700399)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.48.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700399/; classtype:trojan-activity;sid:84563499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700398)"; flow:established,from_client; content:"GET"; http_method; content:"/vj34dqgl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"6lz.horizonbloom.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700398/; classtype:trojan-activity;sid:84563498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700397)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.232.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700397/; classtype:trojan-activity;sid:84563497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700396)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.204.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700396/; classtype:trojan-activity;sid:84563496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700395)"; flow:established,from_client; content:"GET"; http_method; content:"/qtailvb8"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"geskw.silversummit.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700395/; classtype:trojan-activity;sid:84563495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700394)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.86.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700394/; classtype:trojan-activity;sid:84563494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700393)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.133.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700393/; classtype:trojan-activity;sid:84563493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700392)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.235.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700392/; classtype:trojan-activity;sid:84563492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700391)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.18.50.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700391/; classtype:trojan-activity;sid:84563491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700390)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.94.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700390/; classtype:trojan-activity;sid:84563490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700389)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.86.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700389/; classtype:trojan-activity;sid:84563489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700388)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.163.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700388/; classtype:trojan-activity;sid:84563488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700387)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.20.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700387/; classtype:trojan-activity;sid:84563487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700386)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.179.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700386/; classtype:trojan-activity;sid:84563486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700385)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.52.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700385/; classtype:trojan-activity;sid:84563485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700384)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.37.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700384/; classtype:trojan-activity;sid:84563484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700383)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251104151202.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"yturewezz.wuaze.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700383/; classtype:trojan-activity;sid:84563483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700381)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251104151153.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"yturewezz.wuaze.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700381/; classtype:trojan-activity;sid:84563481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700382)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251106094124.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"yturewezz.wuaze.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700382/; classtype:trojan-activity;sid:84563482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700380)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251106094143.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"yturewezz.wuaze.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700380/; classtype:trojan-activity;sid:84563480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700378)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.232.188.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700378/; classtype:trojan-activity;sid:84563478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700379)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.177.110.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700379/; classtype:trojan-activity;sid:84563479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700374)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.77.146.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700374/; classtype:trojan-activity;sid:84563474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700375)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.12.170"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700375/; classtype:trojan-activity;sid:84563475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700376)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.76.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700376/; classtype:trojan-activity;sid:84563476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700377)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.38.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700377/; classtype:trojan-activity;sid:84563477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700372)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.194.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700372/; classtype:trojan-activity;sid:84563472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700373)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.90.29.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700373/; classtype:trojan-activity;sid:84563473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700367)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.101.19.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700367/; classtype:trojan-activity;sid:84563467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700368)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.174.117.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700368/; classtype:trojan-activity;sid:84563468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700369)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.170.202.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700369/; classtype:trojan-activity;sid:84563469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700370)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.70.95.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700370/; classtype:trojan-activity;sid:84563470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700371)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.144.78.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700371/; classtype:trojan-activity;sid:84563471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700366)"; flow:established,from_client; content:"GET"; http_method; content:"/2f5utmyx"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"zkefi.brightvoyage.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700366/; classtype:trojan-activity;sid:84563466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700365)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.139.236.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700365/; classtype:trojan-activity;sid:84563465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700364)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700364/; classtype:trojan-activity;sid:84563464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700363)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.94.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700363/; classtype:trojan-activity;sid:84563463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700361)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.aarch64"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mreow.xyz"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700361/; classtype:trojan-activity;sid:84563461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700362)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.armv5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"mreow.store"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700362/; classtype:trojan-activity;sid:84563462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700360)"; flow:established,from_client; content:"GET"; http_method; content:"/router-atemi-rep.sh"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mreow.xyz"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700360/; classtype:trojan-activity;sid:84563460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700358)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.armv5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"mreow.xyz"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700358/; classtype:trojan-activity;sid:84563458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700359)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"mreow.xyz"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700359/; classtype:trojan-activity;sid:84563459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700357)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.9.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700357/; classtype:trojan-activity;sid:84563457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700343)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mreow.store"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700343/; classtype:trojan-activity;sid:84563443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700344)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.armv6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"mreow.store"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700344/; classtype:trojan-activity;sid:84563444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700345)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.armv7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"mreow.xyz"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700345/; classtype:trojan-activity;sid:84563445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700346)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mreow.xyz"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700346/; classtype:trojan-activity;sid:84563446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700347)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.armv6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"mreow.xyz"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700347/; classtype:trojan-activity;sid:84563447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700348)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.x86_64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mreow.store"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700348/; classtype:trojan-activity;sid:84563448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700349)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.mipsel"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mreow.xyz"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700349/; classtype:trojan-activity;sid:84563449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700350)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.mipsel"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mreow.store"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700350/; classtype:trojan-activity;sid:84563450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700351)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"mreow.store"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700351/; classtype:trojan-activity;sid:84563451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700352)"; flow:established,from_client; content:"GET"; http_method; content:"/router-atemi-rep.sh"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"87.121.84.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700352/; classtype:trojan-activity;sid:84563452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700353)"; flow:established,from_client; content:"GET"; http_method; content:"/router-atemi-rep.sh"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"mreow.store"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700353/; classtype:trojan-activity;sid:84563453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700354)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.armv7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"mreow.store"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700354/; classtype:trojan-activity;sid:84563454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700355)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.x86_64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mreow.xyz"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700355/; classtype:trojan-activity;sid:84563455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700356)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.aarch64"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mreow.store"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700356/; classtype:trojan-activity;sid:84563456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700342)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.111.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700342/; classtype:trojan-activity;sid:84563442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700341)"; flow:established,from_client; content:"GET"; http_method; content:"/oq83ir1w"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"p0.brightvoyage.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700341/; classtype:trojan-activity;sid:84563441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700340)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.20.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700340/; classtype:trojan-activity;sid:84563440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700339)"; flow:established,from_client; content:"GET"; http_method; content:"/iibgtfht"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"p0.brightvoyage.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700339/; classtype:trojan-activity;sid:84563439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700338)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.198.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700338/; classtype:trojan-activity;sid:84563438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700336)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.179.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700336/; classtype:trojan-activity;sid:84563436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700337)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.134.172.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700337/; classtype:trojan-activity;sid:84563437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700335)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201702/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700335/; classtype:trojan-activity;sid:84563435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700334)"; flow:established,from_client; content:"GET"; http_method; content:"/nicatwe.jar"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"91.92.240.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700334/; classtype:trojan-activity;sid:84563434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700333)"; flow:established,from_client; content:"GET"; http_method; content:"/w0i876t3"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"glut.emberkranz.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700333/; classtype:trojan-activity;sid:84563433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700332)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.85.126.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700332/; classtype:trojan-activity;sid:84563432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700331)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"91.80.130.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700331/; classtype:trojan-activity;sid:84563431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700330)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.85.126.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700330/; classtype:trojan-activity;sid:84563430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700329)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.196.38.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700329/; classtype:trojan-activity;sid:84563429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700328)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"183.135.225.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700328/; classtype:trojan-activity;sid:84563428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700327)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"110.81.115.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700327/; classtype:trojan-activity;sid:84563427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700326)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"149.210.43.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700326/; classtype:trojan-activity;sid:84563426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700325)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.80.115.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700325/; classtype:trojan-activity;sid:84563425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700322)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.82.245.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700322/; classtype:trojan-activity;sid:84563422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700323)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202509/photo.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700323/; classtype:trojan-activity;sid:84563423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700324)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/emppic/photo.scr"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700324/; classtype:trojan-activity;sid:84563424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700321)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.84.169.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700321/; classtype:trojan-activity;sid:84563421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700318)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.83.99.27"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700318/; classtype:trojan-activity;sid:84563418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700319)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.178.6.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700319/; classtype:trojan-activity;sid:84563419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700320)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.9.243.245"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700320/; classtype:trojan-activity;sid:84563420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700311)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.154.94.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700311/; classtype:trojan-activity;sid:84563411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700312)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2025/04/photo.scr"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700312/; classtype:trojan-activity;sid:84563412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700313)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/202012/av.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700313/; classtype:trojan-activity;sid:84563413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700314)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201701/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700314/; classtype:trojan-activity;sid:84563414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700315)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/av.scr"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700315/; classtype:trojan-activity;sid:84563415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700316)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"117.28.108.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700316/; classtype:trojan-activity;sid:84563416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700317)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201803/av.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700317/; classtype:trojan-activity;sid:84563417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700309)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201610/av.scr"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700309/; classtype:trojan-activity;sid:84563409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700310)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201804/av.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700310/; classtype:trojan-activity;sid:84563410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700303)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201601/photo.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700303/; classtype:trojan-activity;sid:84563403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700304)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201601/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700304/; classtype:trojan-activity;sid:84563404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700305)"; flow:established,from_client; content:"GET"; http_method; content:"/program/taega/ipluspop/install/video.scr"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700305/; classtype:trojan-activity;sid:84563405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700306)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202010/video.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700306/; classtype:trojan-activity;sid:84563406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700307)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/201607/video.scr"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700307/; classtype:trojan-activity;sid:84563407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700308)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202107/photo.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700308/; classtype:trojan-activity;sid:84563408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700302)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2025/07/video.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700302/; classtype:trojan-activity;sid:84563402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700300)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201803/photo.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700300/; classtype:trojan-activity;sid:84563400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700301)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201606/video.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700301/; classtype:trojan-activity;sid:84563401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700296)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201705/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700296/; classtype:trojan-activity;sid:84563396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700297)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/202102/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700297/; classtype:trojan-activity;sid:84563397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700298)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"110.81.115.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700298/; classtype:trojan-activity;sid:84563398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700299)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202101/photo.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700299/; classtype:trojan-activity;sid:84563399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700284)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/202003/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700284/; classtype:trojan-activity;sid:84563384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700285)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/equipimage/video.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700285/; classtype:trojan-activity;sid:84563385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700286)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201806/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700286/; classtype:trojan-activity;sid:84563386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700287)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202012/video.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700287/; classtype:trojan-activity;sid:84563387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700288)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201701/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700288/; classtype:trojan-activity;sid:84563388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700289)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201708/video.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700289/; classtype:trojan-activity;sid:84563389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700290)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202008/video.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700290/; classtype:trojan-activity;sid:84563390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700291)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"83.171.160.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700291/; classtype:trojan-activity;sid:84563391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700292)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700292/; classtype:trojan-activity;sid:84563392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700293)"; flow:established,from_client; content:"GET"; http_method; content:"/bilder/2010/vorderop/photo.scr"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"92.116.223.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700293/; classtype:trojan-activity;sid:84563393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700294)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/video.lnk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700294/; classtype:trojan-activity;sid:84563394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700295)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700295/; classtype:trojan-activity;sid:84563395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700280)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201605/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700280/; classtype:trojan-activity;sid:84563380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700281)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201803/av.scr"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700281/; classtype:trojan-activity;sid:84563381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700282)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/photo.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700282/; classtype:trojan-activity;sid:84563382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700283)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201512/video.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700283/; classtype:trojan-activity;sid:84563383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700278)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/photo.scr"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700278/; classtype:trojan-activity;sid:84563378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700279)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.80.79.244"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700279/; classtype:trojan-activity;sid:84563379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700276)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.53.178.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700276/; classtype:trojan-activity;sid:84563376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700277)"; flow:established,from_client; content:"GET"; http_method; content:"/file/st01hw/hw.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"f005.backblazeb2.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700277/; classtype:trojan-activity;sid:84563377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700264)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201804/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700264/; classtype:trojan-activity;sid:84563364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700265)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201603/av.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700265/; classtype:trojan-activity;sid:84563365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700266)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2025/06/photo.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700266/; classtype:trojan-activity;sid:84563366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700267)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201608/photo.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700267/; classtype:trojan-activity;sid:84563367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700268)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"36.158.34.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700268/; classtype:trojan-activity;sid:84563368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700269)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201805/video.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700269/; classtype:trojan-activity;sid:84563369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700270)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201708/photo.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700270/; classtype:trojan-activity;sid:84563370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700271)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201605/photo.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700271/; classtype:trojan-activity;sid:84563371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700272)"; flow:established,from_client; content:"GET"; http_method; content:"/program/taega/ipluspop/install/photo.scr"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700272/; classtype:trojan-activity;sid:84563372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700273)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201604/av.scr"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700273/; classtype:trojan-activity;sid:84563373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700274)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201806/photo.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700274/; classtype:trojan-activity;sid:84563374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700275)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201708/av.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700275/; classtype:trojan-activity;sid:84563375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700261)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.80.79.244"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700261/; classtype:trojan-activity;sid:84563361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700262)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.151.162.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700262/; classtype:trojan-activity;sid:84563362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700263)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202107/av.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700263/; classtype:trojan-activity;sid:84563363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700260)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201703/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700260/; classtype:trojan-activity;sid:84563360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700257)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201707/video.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700257/; classtype:trojan-activity;sid:84563357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700258)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201803/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700258/; classtype:trojan-activity;sid:84563358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700259)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.84.169.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700259/; classtype:trojan-activity;sid:84563359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700239)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202508/av.scr"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700239/; classtype:trojan-activity;sid:84563339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700240)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202505/av.scr"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700240/; classtype:trojan-activity;sid:84563340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700241)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201809/video.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700241/; classtype:trojan-activity;sid:84563341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700242)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/202012/av.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700242/; classtype:trojan-activity;sid:84563342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700243)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201802/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700243/; classtype:trojan-activity;sid:84563343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700244)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"49.76.61.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700244/; classtype:trojan-activity;sid:84563344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700245)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/info.zip"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700245/; classtype:trojan-activity;sid:84563345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700246)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201605/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700246/; classtype:trojan-activity;sid:84563346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700247)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201802/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700247/; classtype:trojan-activity;sid:84563347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700248)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/202008/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700248/; classtype:trojan-activity;sid:84563348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700249)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201801/video.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700249/; classtype:trojan-activity;sid:84563349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700250)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201606/av.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700250/; classtype:trojan-activity;sid:84563350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700251)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201907/video.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700251/; classtype:trojan-activity;sid:84563351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700252)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201804/av.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700252/; classtype:trojan-activity;sid:84563352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700253)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201804/photo.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700253/; classtype:trojan-activity;sid:84563353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700254)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"218.95.81.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700254/; classtype:trojan-activity;sid:84563354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700255)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/202008/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700255/; classtype:trojan-activity;sid:84563355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700256)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"117.28.108.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700256/; classtype:trojan-activity;sid:84563356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700238)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202508/video.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700238/; classtype:trojan-activity;sid:84563338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700235)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201607/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700235/; classtype:trojan-activity;sid:84563335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700236)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202205/video.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700236/; classtype:trojan-activity;sid:84563336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700237)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/inspecterrorimage/video.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700237/; classtype:trojan-activity;sid:84563337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700232)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"110.81.115.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700232/; classtype:trojan-activity;sid:84563332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700233)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201606/av.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700233/; classtype:trojan-activity;sid:84563333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700234)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202305/av.scr"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700234/; classtype:trojan-activity;sid:84563334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700217)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201611/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700217/; classtype:trojan-activity;sid:84563317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700218)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202103/photo.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700218/; classtype:trojan-activity;sid:84563318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700219)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202012/av.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700219/; classtype:trojan-activity;sid:84563319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700220)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.151.162.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700220/; classtype:trojan-activity;sid:84563320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700221)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2025/01/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700221/; classtype:trojan-activity;sid:84563321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700222)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202301/av.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700222/; classtype:trojan-activity;sid:84563322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700223)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700223/; classtype:trojan-activity;sid:84563323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700224)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/busiprocess/video.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700224/; classtype:trojan-activity;sid:84563324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700225)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202305/video.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700225/; classtype:trojan-activity;sid:84563325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700226)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202009/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700226/; classtype:trojan-activity;sid:84563326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700227)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201701/video.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700227/; classtype:trojan-activity;sid:84563327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700228)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201512/photo.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700228/; classtype:trojan-activity;sid:84563328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700229)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201604/video.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700229/; classtype:trojan-activity;sid:84563329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700230)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201710/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700230/; classtype:trojan-activity;sid:84563330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700231)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/202007/av.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700231/; classtype:trojan-activity;sid:84563331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700216)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202205/photo.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700216/; classtype:trojan-activity;sid:84563316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700214)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202508/video.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700214/; classtype:trojan-activity;sid:84563314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700215)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/repair_img/photo.scr"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700215/; classtype:trojan-activity;sid:84563315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700212)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/photo.scr"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700212/; classtype:trojan-activity;sid:84563312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700213)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202106/photo.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700213/; classtype:trojan-activity;sid:84563313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700209)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/docuimage/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700209/; classtype:trojan-activity;sid:84563309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700210)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201612/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700210/; classtype:trojan-activity;sid:84563310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700211)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201707/video.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700211/; classtype:trojan-activity;sid:84563311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700197)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202203/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700197/; classtype:trojan-activity;sid:84563297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700198)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/201607/video.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700198/; classtype:trojan-activity;sid:84563298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700199)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"190.196.38.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700199/; classtype:trojan-activity;sid:84563299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700200)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202305/photo.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700200/; classtype:trojan-activity;sid:84563300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700201)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/202003/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700201/; classtype:trojan-activity;sid:84563301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700202)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/library/202408/info.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700202/; classtype:trojan-activity;sid:84563302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700203)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201709/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700203/; classtype:trojan-activity;sid:84563303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700204)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/saledocu/202105/photo.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700204/; classtype:trojan-activity;sid:84563304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700205)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201702/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700205/; classtype:trojan-activity;sid:84563305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700206)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201602/video.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700206/; classtype:trojan-activity;sid:84563306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700207)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/materialimage/photo.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700207/; classtype:trojan-activity;sid:84563307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700208)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201605/photo.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700208/; classtype:trojan-activity;sid:84563308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700195)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/image/ckeditorimage/photo.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700195/; classtype:trojan-activity;sid:84563295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700196)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201603/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700196/; classtype:trojan-activity;sid:84563296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700194)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201807/av.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700194/; classtype:trojan-activity;sid:84563294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700189)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201701/photo.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700189/; classtype:trojan-activity;sid:84563289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700190)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/202102/video.scr"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700190/; classtype:trojan-activity;sid:84563290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700191)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.178.6.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700191/; classtype:trojan-activity;sid:84563291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700192)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201811/av.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700192/; classtype:trojan-activity;sid:84563292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700193)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202012/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700193/; classtype:trojan-activity;sid:84563293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700186)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700186/; classtype:trojan-activity;sid:84563286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700187)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"36.158.34.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700187/; classtype:trojan-activity;sid:84563287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700188)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202506/av.scr"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700188/; classtype:trojan-activity;sid:84563288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700175)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201605/av.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700175/; classtype:trojan-activity;sid:84563275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700176)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/materialimage/video.lnk"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700176/; classtype:trojan-activity;sid:84563276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700177)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.80.16.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700177/; classtype:trojan-activity;sid:84563277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700178)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/saledocu/photo.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700178/; classtype:trojan-activity;sid:84563278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700179)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.182.165.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700179/; classtype:trojan-activity;sid:84563279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700180)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201701/photo.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700180/; classtype:trojan-activity;sid:84563280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700181)"; flow:established,from_client; content:"GET"; http_method; content:"/bilder/2013/handy2013/photo.scr"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"92.116.223.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700181/; classtype:trojan-activity;sid:84563281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700182)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.9.243.245"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700182/; classtype:trojan-activity;sid:84563282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700183)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202102/video.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700183/; classtype:trojan-activity;sid:84563283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700184)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/video.lnk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700184/; classtype:trojan-activity;sid:84563284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700185)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700185/; classtype:trojan-activity;sid:84563285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700164)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202406/video.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700164/; classtype:trojan-activity;sid:84563264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700165)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201805/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700165/; classtype:trojan-activity;sid:84563265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700166)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201602/av.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700166/; classtype:trojan-activity;sid:84563266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700167)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2025/03/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700167/; classtype:trojan-activity;sid:84563267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700168)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202112/photo.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700168/; classtype:trojan-activity;sid:84563268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700169)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202301/video.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700169/; classtype:trojan-activity;sid:84563269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700170)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202406/video.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700170/; classtype:trojan-activity;sid:84563270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700171)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/image/photo.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700171/; classtype:trojan-activity;sid:84563271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700172)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201606/photo.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700172/; classtype:trojan-activity;sid:84563272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700173)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2025/07/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700173/; classtype:trojan-activity;sid:84563273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700174)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201710/video.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700174/; classtype:trojan-activity;sid:84563274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700162)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202505/video.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700162/; classtype:trojan-activity;sid:84563262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700163)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201707/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700163/; classtype:trojan-activity;sid:84563263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700161)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.135.225.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700161/; classtype:trojan-activity;sid:84563261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700158)"; flow:established,from_client; content:"GET"; http_method; content:"/bilder/2010/buntgemischt2010/photo.scr"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"92.116.223.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700158/; classtype:trojan-activity;sid:84563258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700159)"; flow:established,from_client; content:"GET"; http_method; content:"/bilder/2010/wien0510/photo.scr"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"92.116.223.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700159/; classtype:trojan-activity;sid:84563259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700160)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/msg/av.lnk"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700160/; classtype:trojan-activity;sid:84563260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700155)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202103/video.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700155/; classtype:trojan-activity;sid:84563255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700156)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201805/av.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700156/; classtype:trojan-activity;sid:84563256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700157)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202107/video.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700157/; classtype:trojan-activity;sid:84563257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700145)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202010/av.scr"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700145/; classtype:trojan-activity;sid:84563245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700146)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/image/ckeditorimage/2024/video.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700146/; classtype:trojan-activity;sid:84563246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700147)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201605/av.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700147/; classtype:trojan-activity;sid:84563247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700148)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201906/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700148/; classtype:trojan-activity;sid:84563248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700149)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202108/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700149/; classtype:trojan-activity;sid:84563249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700150)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202104/av.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700150/; classtype:trojan-activity;sid:84563250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700151)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201611/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700151/; classtype:trojan-activity;sid:84563251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700152)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201605/av.scr"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700152/; classtype:trojan-activity;sid:84563252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700153)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201604/photo.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700153/; classtype:trojan-activity;sid:84563253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700154)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.80.79.244"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700154/; classtype:trojan-activity;sid:84563254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700144)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202406/av.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700144/; classtype:trojan-activity;sid:84563244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700140)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/msgaddfiles/av.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700140/; classtype:trojan-activity;sid:84563240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700141)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201607/video.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700141/; classtype:trojan-activity;sid:84563241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700142)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201609/video.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700142/; classtype:trojan-activity;sid:84563242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700143)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201603/photo.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700143/; classtype:trojan-activity;sid:84563243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700139)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/image/ckeditorimage/2024/photo.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700139/; classtype:trojan-activity;sid:84563239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700134)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/materialqcimage/video.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700134/; classtype:trojan-activity;sid:84563234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700135)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.28.108.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700135/; classtype:trojan-activity;sid:84563235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700136)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/sy/photo.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700136/; classtype:trojan-activity;sid:84563236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700137)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201612/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700137/; classtype:trojan-activity;sid:84563237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700138)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202108/av.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700138/; classtype:trojan-activity;sid:84563238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700130)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201612/video.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700130/; classtype:trojan-activity;sid:84563230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700131)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/info.zip"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700131/; classtype:trojan-activity;sid:84563231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700132)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201605/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700132/; classtype:trojan-activity;sid:84563232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700133)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202112/av.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700133/; classtype:trojan-activity;sid:84563233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700118)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2024/05/photo.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700118/; classtype:trojan-activity;sid:84563218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700119)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201611/video.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700119/; classtype:trojan-activity;sid:84563219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700120)"; flow:established,from_client; content:"GET"; http_method; content:"/program/taega/ipluspop/infodb/av.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700120/; classtype:trojan-activity;sid:84563220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700121)"; flow:established,from_client; content:"GET"; http_method; content:"/program/taega/ipluspop/install/info.zip"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700121/; classtype:trojan-activity;sid:84563221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700122)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/202007/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700122/; classtype:trojan-activity;sid:84563222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700123)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/info.zip"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700123/; classtype:trojan-activity;sid:84563223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700124)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201704/av.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700124/; classtype:trojan-activity;sid:84563224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700125)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/repair_img/photo.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700125/; classtype:trojan-activity;sid:84563225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700126)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202101/av.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700126/; classtype:trojan-activity;sid:84563226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700127)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201610/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700127/; classtype:trojan-activity;sid:84563227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700128)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/202102/video.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700128/; classtype:trojan-activity;sid:84563228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700129)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"183.135.225.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700129/; classtype:trojan-activity;sid:84563229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700116)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201710/photo.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700116/; classtype:trojan-activity;sid:84563216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700117)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201611/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700117/; classtype:trojan-activity;sid:84563217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700114)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202106/video.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700114/; classtype:trojan-activity;sid:84563214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700115)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201801/video.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700115/; classtype:trojan-activity;sid:84563215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700113)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.82.204.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700113/; classtype:trojan-activity;sid:84563213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700104)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202205/av.scr"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700104/; classtype:trojan-activity;sid:84563204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700105)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.89.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700105/; classtype:trojan-activity;sid:84563205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700106)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201604/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700106/; classtype:trojan-activity;sid:84563206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700107)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/image/ckeditorimage/2024/av.scr"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700107/; classtype:trojan-activity;sid:84563207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700108)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/emppic/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700108/; classtype:trojan-activity;sid:84563208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700109)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/video.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700109/; classtype:trojan-activity;sid:84563209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700110)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.80.119.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700110/; classtype:trojan-activity;sid:84563210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700111)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201707/photo.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700111/; classtype:trojan-activity;sid:84563211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700112)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"190.196.38.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700112/; classtype:trojan-activity;sid:84563212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700083)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201903/video.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700083/; classtype:trojan-activity;sid:84563183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700084)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201601/video.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700084/; classtype:trojan-activity;sid:84563184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700085)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201608/photo.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700085/; classtype:trojan-activity;sid:84563185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700086)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202010/video.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700086/; classtype:trojan-activity;sid:84563186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700087)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202505/photo.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700087/; classtype:trojan-activity;sid:84563187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700088)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2025/07/photo.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700088/; classtype:trojan-activity;sid:84563188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700089)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202108/photo.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700089/; classtype:trojan-activity;sid:84563189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700090)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201605/video.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700090/; classtype:trojan-activity;sid:84563190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700091)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201605/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700091/; classtype:trojan-activity;sid:84563191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700092)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202406/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700092/; classtype:trojan-activity;sid:84563192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700093)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201709/video.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700093/; classtype:trojan-activity;sid:84563193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700094)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202103/av.scr"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700094/; classtype:trojan-activity;sid:84563194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700095)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2025/info.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700095/; classtype:trojan-activity;sid:84563195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700096)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700096/; classtype:trojan-activity;sid:84563196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700097)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201707/av.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700097/; classtype:trojan-activity;sid:84563197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700098)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/materialqcimage/video.scr"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700098/; classtype:trojan-activity;sid:84563198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700099)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201807/video.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700099/; classtype:trojan-activity;sid:84563199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700100)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.81.115.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700100/; classtype:trojan-activity;sid:84563200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700101)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201511/photo.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700101/; classtype:trojan-activity;sid:84563201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700102)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/saledocu/av.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700102/; classtype:trojan-activity;sid:84563202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700103)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/repair_img/video.scr"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700103/; classtype:trojan-activity;sid:84563203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700080)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201606/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700080/; classtype:trojan-activity;sid:84563180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700081)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201608/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700081/; classtype:trojan-activity;sid:84563181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700082)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202102/video.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700082/; classtype:trojan-activity;sid:84563182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700074)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202101/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700074/; classtype:trojan-activity;sid:84563174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700075)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201804/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700075/; classtype:trojan-activity;sid:84563175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700076)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201604/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700076/; classtype:trojan-activity;sid:84563176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700077)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/image/ckeditorimage/2024/video.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700077/; classtype:trojan-activity;sid:84563177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700078)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201608/video.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700078/; classtype:trojan-activity;sid:84563178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700079)"; flow:established,from_client; content:"GET"; http_method; content:"/program/info.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700079/; classtype:trojan-activity;sid:84563179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700073)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.83.113.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700073/; classtype:trojan-activity;sid:84563173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700070)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.83.113.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700070/; classtype:trojan-activity;sid:84563170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700071)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201603/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700071/; classtype:trojan-activity;sid:84563171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700072)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202104/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700072/; classtype:trojan-activity;sid:84563172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700061)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"218.95.81.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700061/; classtype:trojan-activity;sid:84563161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700062)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201512/photo.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700062/; classtype:trojan-activity;sid:84563162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700063)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"183.135.225.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700063/; classtype:trojan-activity;sid:84563163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700064)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202101/video.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700064/; classtype:trojan-activity;sid:84563164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700065)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/image/ckeditorimage/video.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700065/; classtype:trojan-activity;sid:84563165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700066)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201711/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700066/; classtype:trojan-activity;sid:84563166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700067)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202007/av.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700067/; classtype:trojan-activity;sid:84563167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700068)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201801/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700068/; classtype:trojan-activity;sid:84563168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700069)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2025/06/video.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700069/; classtype:trojan-activity;sid:84563169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700051)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201907/av.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700051/; classtype:trojan-activity;sid:84563151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700052)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202301/photo.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700052/; classtype:trojan-activity;sid:84563152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700053)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202112/video.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700053/; classtype:trojan-activity;sid:84563153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700054)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700054/; classtype:trojan-activity;sid:84563154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700055)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/setup/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700055/; classtype:trojan-activity;sid:84563155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700056)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201802/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700056/; classtype:trojan-activity;sid:84563156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700057)"; flow:established,from_client; content:"GET"; http_method; content:"/program/taega/ipluspop/infodb/video.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700057/; classtype:trojan-activity;sid:84563157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700058)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201809/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700058/; classtype:trojan-activity;sid:84563158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700059)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.89.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700059/; classtype:trojan-activity;sid:84563159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700060)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/msg/av.scr"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700060/; classtype:trojan-activity;sid:84563160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700049)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202109/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700049/; classtype:trojan-activity;sid:84563149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700050)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202203/video.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700050/; classtype:trojan-activity;sid:84563150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700045)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"218.95.81.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700045/; classtype:trojan-activity;sid:84563145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700046)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201611/photo.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700046/; classtype:trojan-activity;sid:84563146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700047)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/image/ckeditorimage/2024/05/av.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700047/; classtype:trojan-activity;sid:84563147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700048)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201611/video.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700048/; classtype:trojan-activity;sid:84563148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700043)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/materialqcimage/photo.scr"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700043/; classtype:trojan-activity;sid:84563143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700044)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.80.226.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700044/; classtype:trojan-activity;sid:84563144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700042)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.85.26.104"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700042/; classtype:trojan-activity;sid:84563142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700039)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.81.158.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700039/; classtype:trojan-activity;sid:84563139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700040)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201710/av.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700040/; classtype:trojan-activity;sid:84563140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700041)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201708/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700041/; classtype:trojan-activity;sid:84563141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700032)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.76.61.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700032/; classtype:trojan-activity;sid:84563132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700033)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/userimage/photo.scr"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700033/; classtype:trojan-activity;sid:84563133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700034)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/library/202408/photo.scr"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700034/; classtype:trojan-activity;sid:84563134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700035)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2024/06/video.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700035/; classtype:trojan-activity;sid:84563135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700036)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202101/av.scr"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700036/; classtype:trojan-activity;sid:84563136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700037)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201607/photo.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700037/; classtype:trojan-activity;sid:84563137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700038)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2024/05/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700038/; classtype:trojan-activity;sid:84563138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700028)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.85.158.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700028/; classtype:trojan-activity;sid:84563128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700029)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/update/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700029/; classtype:trojan-activity;sid:84563129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700030)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/equipimage/av.scr"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700030/; classtype:trojan-activity;sid:84563130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700031)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.85.158.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700031/; classtype:trojan-activity;sid:84563131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700024)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.83.99.27"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700024/; classtype:trojan-activity;sid:84563124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700025)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"42.118.243.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700025/; classtype:trojan-activity;sid:84563125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700026)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201611/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700026/; classtype:trojan-activity;sid:84563126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700027)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201702/video.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700027/; classtype:trojan-activity;sid:84563127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700023)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.85.26.104"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700023/; classtype:trojan-activity;sid:84563123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700021)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201705/photo.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700021/; classtype:trojan-activity;sid:84563121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700022)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201907/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700022/; classtype:trojan-activity;sid:84563122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700016)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201611/photo.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700016/; classtype:trojan-activity;sid:84563116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700017)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.154.94.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700017/; classtype:trojan-activity;sid:84563117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700018)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201705/video.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700018/; classtype:trojan-activity;sid:84563118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700019)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.89.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700019/; classtype:trojan-activity;sid:84563119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700020)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/photo.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700020/; classtype:trojan-activity;sid:84563120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700010)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201907/photo.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700010/; classtype:trojan-activity;sid:84563110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700011)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201610/photo.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700011/; classtype:trojan-activity;sid:84563111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700012)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202203/av.scr"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700012/; classtype:trojan-activity;sid:84563112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700013)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/image/ckeditorimage/av.scr"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700013/; classtype:trojan-activity;sid:84563113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700014)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202102/av.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700014/; classtype:trojan-activity;sid:84563114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700015)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.53.178.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700015/; classtype:trojan-activity;sid:84563115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700007)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202010/photo.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700007/; classtype:trojan-activity;sid:84563107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700008)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"189.177.10.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700008/; classtype:trojan-activity;sid:84563108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700009)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201703/photo.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700009/; classtype:trojan-activity;sid:84563109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700006)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.80.226.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700006/; classtype:trojan-activity;sid:84563106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700001)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/emppic/video.scr"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700001/; classtype:trojan-activity;sid:84563101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700002)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/inspecterrorimage/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700002/; classtype:trojan-activity;sid:84563102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700003)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/image/ckeditorimage/2024/05/info.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700003/; classtype:trojan-activity;sid:84563103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700004)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.80.119.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700004/; classtype:trojan-activity;sid:84563104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700005)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202007/video.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700005/; classtype:trojan-activity;sid:84563105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699998)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201710/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699998/; classtype:trojan-activity;sid:84563098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699999)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201512/video.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699999/; classtype:trojan-activity;sid:84563099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700000)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201809/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700000/; classtype:trojan-activity;sid:84563100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699997)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.53.178.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699997/; classtype:trojan-activity;sid:84563097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699991)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.9.243.245"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699991/; classtype:trojan-activity;sid:84563091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699992)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202010/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699992/; classtype:trojan-activity;sid:84563092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699993)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201806/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699993/; classtype:trojan-activity;sid:84563093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699994)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201704/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699994/; classtype:trojan-activity;sid:84563094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699995)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.83.113.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699995/; classtype:trojan-activity;sid:84563095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699996)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201711/video.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699996/; classtype:trojan-activity;sid:84563096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699987)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.83.5.119"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699987/; classtype:trojan-activity;sid:84563087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699988)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/photo.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699988/; classtype:trojan-activity;sid:84563088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699989)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202305/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699989/; classtype:trojan-activity;sid:84563089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699990)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/202008/photo.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699990/; classtype:trojan-activity;sid:84563090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699984)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.82.243.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699984/; classtype:trojan-activity;sid:84563084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699985)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201804/video.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699985/; classtype:trojan-activity;sid:84563085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699986)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201609/av.scr"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699986/; classtype:trojan-activity;sid:84563086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699981)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.213.28.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699981/; classtype:trojan-activity;sid:84563081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699982)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/image/ckeditorimage/2024/photo.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699982/; classtype:trojan-activity;sid:84563082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699983)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201610/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699983/; classtype:trojan-activity;sid:84563083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699979)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.81.158.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699979/; classtype:trojan-activity;sid:84563079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699980)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/msg/photo.scr"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699980/; classtype:trojan-activity;sid:84563080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699971)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202505/av.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699971/; classtype:trojan-activity;sid:84563071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699972)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202110/av.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699972/; classtype:trojan-activity;sid:84563072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699973)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"218.95.81.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699973/; classtype:trojan-activity;sid:84563073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699974)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201608/video.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699974/; classtype:trojan-activity;sid:84563074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699975)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201602/photo.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699975/; classtype:trojan-activity;sid:84563075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699976)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201801/video.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699976/; classtype:trojan-activity;sid:84563076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699977)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.80.115.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699977/; classtype:trojan-activity;sid:84563077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699978)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.178.6.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699978/; classtype:trojan-activity;sid:84563078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699967)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"119.91.141.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699967/; classtype:trojan-activity;sid:84563067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699968)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202008/photo.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699968/; classtype:trojan-activity;sid:84563068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699969)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/video.scr"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699969/; classtype:trojan-activity;sid:84563069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699970)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.182.165.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699970/; classtype:trojan-activity;sid:84563070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699964)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/202012/video.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699964/; classtype:trojan-activity;sid:84563064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699965)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201801/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699965/; classtype:trojan-activity;sid:84563065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699966)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201706/video.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699966/; classtype:trojan-activity;sid:84563066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699963)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201701/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699963/; classtype:trojan-activity;sid:84563063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699962)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201707/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699962/; classtype:trojan-activity;sid:84563062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699959)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201804/video.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699959/; classtype:trojan-activity;sid:84563059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699960)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/msgaddfiles/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699960/; classtype:trojan-activity;sid:84563060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699961)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201711/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699961/; classtype:trojan-activity;sid:84563061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699958)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.83.113.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699958/; classtype:trojan-activity;sid:84563058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699947)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201907/photo.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699947/; classtype:trojan-activity;sid:84563047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699948)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/materialimage/video.scr"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699948/; classtype:trojan-activity;sid:84563048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699949)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201609/photo.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699949/; classtype:trojan-activity;sid:84563049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699950)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201601/av.scr"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699950/; classtype:trojan-activity;sid:84563050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699951)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202110/video.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699951/; classtype:trojan-activity;sid:84563051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699952)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201906/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699952/; classtype:trojan-activity;sid:84563052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699953)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201710/av.scr"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699953/; classtype:trojan-activity;sid:84563053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699954)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201607/video.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699954/; classtype:trojan-activity;sid:84563054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699955)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202106/video.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699955/; classtype:trojan-activity;sid:84563055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699956)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/202003/video.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699956/; classtype:trojan-activity;sid:84563056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699957)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201611/video.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699957/; classtype:trojan-activity;sid:84563057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699945)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/202008/av.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699945/; classtype:trojan-activity;sid:84563045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699946)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201803/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699946/; classtype:trojan-activity;sid:84563046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699944)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"182.215.17.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699944/; classtype:trojan-activity;sid:84563044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699942)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202506/photo.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699942/; classtype:trojan-activity;sid:84563042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699943)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201704/photo.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699943/; classtype:trojan-activity;sid:84563043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699933)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201607/video.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699933/; classtype:trojan-activity;sid:84563033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699934)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/av.scr"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699934/; classtype:trojan-activity;sid:84563034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699935)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/202009/video.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699935/; classtype:trojan-activity;sid:84563035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699936)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201605/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699936/; classtype:trojan-activity;sid:84563036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699937)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.81.159.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699937/; classtype:trojan-activity;sid:84563037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699938)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201806/av.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699938/; classtype:trojan-activity;sid:84563038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699939)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201604/video.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699939/; classtype:trojan-activity;sid:84563039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699940)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.82.243.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699940/; classtype:trojan-activity;sid:84563040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699941)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201903/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699941/; classtype:trojan-activity;sid:84563041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699932)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.89.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699932/; classtype:trojan-activity;sid:84563032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699931)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201612/photo.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699931/; classtype:trojan-activity;sid:84563031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699927)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201806/av.scr"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699927/; classtype:trojan-activity;sid:84563027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699928)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202506/photo.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699928/; classtype:trojan-activity;sid:84563028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699929)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202405/photo.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699929/; classtype:trojan-activity;sid:84563029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699930)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201801/photo.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699930/; classtype:trojan-activity;sid:84563030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699924)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201603/photo.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699924/; classtype:trojan-activity;sid:84563024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699925)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/image/photo.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699925/; classtype:trojan-activity;sid:84563025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699926)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201907/av.scr"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699926/; classtype:trojan-activity;sid:84563026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699917)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202301/video.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699917/; classtype:trojan-activity;sid:84563017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699918)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.9.243.245"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699918/; classtype:trojan-activity;sid:84563018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699919)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201801/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699919/; classtype:trojan-activity;sid:84563019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699920)"; flow:established,from_client; content:"GET"; http_method; content:"/program/taega/ipluspop/infodb/video.scr"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699920/; classtype:trojan-activity;sid:84563020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699921)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/equipimage/video.scr"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699921/; classtype:trojan-activity;sid:84563021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699922)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201604/av.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699922/; classtype:trojan-activity;sid:84563022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699923)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202405/photo.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699923/; classtype:trojan-activity;sid:84563023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699916)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201710/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699916/; classtype:trojan-activity;sid:84563016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699913)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201602/photo.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699913/; classtype:trojan-activity;sid:84563013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699914)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201811/photo.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699914/; classtype:trojan-activity;sid:84563014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699915)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/equipimage/photo.scr"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699915/; classtype:trojan-activity;sid:84563015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699909)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/202012/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699909/; classtype:trojan-activity;sid:84563009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699910)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201809/av.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699910/; classtype:trojan-activity;sid:84563010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699911)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/saledocu/photo.scr"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699911/; classtype:trojan-activity;sid:84563011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699912)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201612/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699912/; classtype:trojan-activity;sid:84563012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699903)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201805/video.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699903/; classtype:trojan-activity;sid:84563003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699904)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"117.28.108.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699904/; classtype:trojan-activity;sid:84563004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699905)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.213.28.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699905/; classtype:trojan-activity;sid:84563005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699906)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201804/av.scr"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699906/; classtype:trojan-activity;sid:84563006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699907)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"2.194.81.0"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699907/; classtype:trojan-activity;sid:84563007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699908)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2025/02/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699908/; classtype:trojan-activity;sid:84563008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699896)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202205/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699896/; classtype:trojan-activity;sid:84562996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699897)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201702/av.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699897/; classtype:trojan-activity;sid:84562997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699898)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201709/av.scr"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699898/; classtype:trojan-activity;sid:84562998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699899)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201805/av.scr"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699899/; classtype:trojan-activity;sid:84562999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699900)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201705/av.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699900/; classtype:trojan-activity;sid:84563000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699901)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201702/av.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699901/; classtype:trojan-activity;sid:84563001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699902)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201906/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699902/; classtype:trojan-activity;sid:84563002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699894)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201809/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699894/; classtype:trojan-activity;sid:84562994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699895)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/202008/av.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699895/; classtype:trojan-activity;sid:84562995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699886)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202205/video.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699886/; classtype:trojan-activity;sid:84562986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699887)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201710/video.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699887/; classtype:trojan-activity;sid:84562987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699888)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201710/photo.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699888/; classtype:trojan-activity;sid:84562988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699889)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.83.117.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699889/; classtype:trojan-activity;sid:84562989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699890)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/202003/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699890/; classtype:trojan-activity;sid:84562990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699891)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/msgaddfiles/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699891/; classtype:trojan-activity;sid:84562991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699892)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/equipimage/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699892/; classtype:trojan-activity;sid:84562992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699893)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.83.82.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699893/; classtype:trojan-activity;sid:84562993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699884)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201607/av.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699884/; classtype:trojan-activity;sid:84562984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699885)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/inspecterrorimage/photo.lnk"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699885/; classtype:trojan-activity;sid:84562985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699874)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201601/av.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699874/; classtype:trojan-activity;sid:84562974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699875)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202106/av.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699875/; classtype:trojan-activity;sid:84562975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699876)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201511/photo.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699876/; classtype:trojan-activity;sid:84562976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699877)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201607/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699877/; classtype:trojan-activity;sid:84562977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699878)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.28.108.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699878/; classtype:trojan-activity;sid:84562978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699879)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202202/av.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699879/; classtype:trojan-activity;sid:84562979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699880)"; flow:established,from_client; content:"GET"; http_method; content:"/program/taega/ipluspop/infodb/photo.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699880/; classtype:trojan-activity;sid:84562980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699881)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/empstamp/video.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699881/; classtype:trojan-activity;sid:84562981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699882)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201705/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699882/; classtype:trojan-activity;sid:84562982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699883)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201512/av.scr"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699883/; classtype:trojan-activity;sid:84562983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699873)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201607/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699873/; classtype:trojan-activity;sid:84562973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699867)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202007/photo.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699867/; classtype:trojan-activity;sid:84562967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699868)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2025/07/video.scr"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699868/; classtype:trojan-activity;sid:84562968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699869)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.178.6.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699869/; classtype:trojan-activity;sid:84562969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699870)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.178.6.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699870/; classtype:trojan-activity;sid:84562970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699871)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202506/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699871/; classtype:trojan-activity;sid:84562971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699872)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/saledocu/202105/photo.scr"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699872/; classtype:trojan-activity;sid:84562972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699866)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202405/video.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699866/; classtype:trojan-activity;sid:84562966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699864)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201806/photo.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699864/; classtype:trojan-activity;sid:84562964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699865)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201706/photo.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699865/; classtype:trojan-activity;sid:84562965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699856)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/av.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699856/; classtype:trojan-activity;sid:84562956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699857)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201607/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699857/; classtype:trojan-activity;sid:84562957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699858)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.154.94.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699858/; classtype:trojan-activity;sid:84562958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699859)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/202007/video.scr"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699859/; classtype:trojan-activity;sid:84562959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699860)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2025/04/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699860/; classtype:trojan-activity;sid:84562960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699861)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201806/video.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699861/; classtype:trojan-activity;sid:84562961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699862)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"117.28.108.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699862/; classtype:trojan-activity;sid:84562962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699863)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201802/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699863/; classtype:trojan-activity;sid:84562963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699851)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202505/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699851/; classtype:trojan-activity;sid:84562951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699852)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2025/08/video.scr"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699852/; classtype:trojan-activity;sid:84562952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699853)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201609/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699853/; classtype:trojan-activity;sid:84562953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699854)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201701/video.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699854/; classtype:trojan-activity;sid:84562954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699855)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.76.61.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699855/; classtype:trojan-activity;sid:84562955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699849)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2025/photo.scr"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699849/; classtype:trojan-activity;sid:84562949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699850)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/202102/photo.scr"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699850/; classtype:trojan-activity;sid:84562950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699848)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"2.193.68.14"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699848/; classtype:trojan-activity;sid:84562948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699846)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202109/video.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699846/; classtype:trojan-activity;sid:84562946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699847)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202107/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699847/; classtype:trojan-activity;sid:84562947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699840)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201806/video.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699840/; classtype:trojan-activity;sid:84562940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699841)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202110/photo.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699841/; classtype:trojan-activity;sid:84562941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699842)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202102/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699842/; classtype:trojan-activity;sid:84562942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699843)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202510/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699843/; classtype:trojan-activity;sid:84562943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699844)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202007/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699844/; classtype:trojan-activity;sid:84562944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699845)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201608/av.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699845/; classtype:trojan-activity;sid:84562945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699835)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201608/video.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699835/; classtype:trojan-activity;sid:84562935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699836)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201804/photo.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699836/; classtype:trojan-activity;sid:84562936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699837)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.209.139.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699837/; classtype:trojan-activity;sid:84562937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699838)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202508/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699838/; classtype:trojan-activity;sid:84562938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699839)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"190.196.38.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699839/; classtype:trojan-activity;sid:84562939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699833)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201604/av.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699833/; classtype:trojan-activity;sid:84562933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699834)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/materialimage/photo.scr"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699834/; classtype:trojan-activity;sid:84562934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699831)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202108/av.scr"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699831/; classtype:trojan-activity;sid:84562931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699832)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202012/video.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699832/; classtype:trojan-activity;sid:84562932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699826)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202012/av.scr"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699826/; classtype:trojan-activity;sid:84562926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699827)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/image/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699827/; classtype:trojan-activity;sid:84562927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699828)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/update/winnt/info.zip"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699828/; classtype:trojan-activity;sid:84562928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699829)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/msg/video.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699829/; classtype:trojan-activity;sid:84562929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699830)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202105/video.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699830/; classtype:trojan-activity;sid:84562930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699825)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202102/av.scr"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699825/; classtype:trojan-activity;sid:84562925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699823)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201702/av.scr"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699823/; classtype:trojan-activity;sid:84562923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699824)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202107/av.scr"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699824/; classtype:trojan-activity;sid:84562924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699818)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.182.165.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699818/; classtype:trojan-activity;sid:84562918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699819)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201708/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699819/; classtype:trojan-activity;sid:84562919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699820)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201703/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699820/; classtype:trojan-activity;sid:84562920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699821)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202301/photo.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699821/; classtype:trojan-activity;sid:84562921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699822)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"110.81.115.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699822/; classtype:trojan-activity;sid:84562922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699815)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202108/photo.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699815/; classtype:trojan-activity;sid:84562915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699816)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201803/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699816/; classtype:trojan-activity;sid:84562916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699817)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/202008/photo.scr"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699817/; classtype:trojan-activity;sid:84562917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699812)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.53.178.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699812/; classtype:trojan-activity;sid:84562912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699813)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2025/08/photo.scr"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699813/; classtype:trojan-activity;sid:84562913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699814)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/empseal/photo.scr"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699814/; classtype:trojan-activity;sid:84562914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699810)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/video.scr"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699810/; classtype:trojan-activity;sid:84562910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699811)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"187.213.28.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699811/; classtype:trojan-activity;sid:84562911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699807)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202010/av.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699807/; classtype:trojan-activity;sid:84562907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699808)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201608/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699808/; classtype:trojan-activity;sid:84562908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699809)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201702/photo.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699809/; classtype:trojan-activity;sid:84562909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699804)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202405/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699804/; classtype:trojan-activity;sid:84562904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699805)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201802/photo.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699805/; classtype:trojan-activity;sid:84562905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699806)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202008/av.scr"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699806/; classtype:trojan-activity;sid:84562906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699802)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/202003/av.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699802/; classtype:trojan-activity;sid:84562902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699803)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2025/07/av.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699803/; classtype:trojan-activity;sid:84562903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699798)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/sy/av.scr"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699798/; classtype:trojan-activity;sid:84562898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699799)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201903/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699799/; classtype:trojan-activity;sid:84562899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699800)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201705/video.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699800/; classtype:trojan-activity;sid:84562900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699801)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"79.50.214.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699801/; classtype:trojan-activity;sid:84562901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699788)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.80.79.244"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699788/; classtype:trojan-activity;sid:84562888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699789)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/201607/photo.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699789/; classtype:trojan-activity;sid:84562889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699790)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201802/video.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699790/; classtype:trojan-activity;sid:84562890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699791)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201703/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699791/; classtype:trojan-activity;sid:84562891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699792)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202008/video.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699792/; classtype:trojan-activity;sid:84562892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699793)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.9.243.245"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699793/; classtype:trojan-activity;sid:84562893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699794)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201709/av.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699794/; classtype:trojan-activity;sid:84562894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699795)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201702/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699795/; classtype:trojan-activity;sid:84562895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699796)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/202007/photo.scr"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699796/; classtype:trojan-activity;sid:84562896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699797)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202007/av.scr"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699797/; classtype:trojan-activity;sid:84562897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699783)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202009/video.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699783/; classtype:trojan-activity;sid:84562883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699784)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202110/av.scr"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699784/; classtype:trojan-activity;sid:84562884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699785)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201906/photo.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699785/; classtype:trojan-activity;sid:84562885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699786)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202301/av.scr"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699786/; classtype:trojan-activity;sid:84562886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699787)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202508/av.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699787/; classtype:trojan-activity;sid:84562887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699782)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201612/av.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699782/; classtype:trojan-activity;sid:84562882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699779)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/library/202208/photo.scr"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699779/; classtype:trojan-activity;sid:84562879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699780)"; flow:established,from_client; content:"GET"; http_method; content:"/bilder/2010/zust%c3%a4nde2010/photo.scr"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"92.116.223.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699780/; classtype:trojan-activity;sid:84562880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699781)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/docuimage/photo.scr"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699781/; classtype:trojan-activity;sid:84562881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699778)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202203/video.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699778/; classtype:trojan-activity;sid:84562878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699776)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202110/photo.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699776/; classtype:trojan-activity;sid:84562876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699777)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201805/photo.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699777/; classtype:trojan-activity;sid:84562877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699771)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/202008/photo.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699771/; classtype:trojan-activity;sid:84562871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699772)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201801/photo.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699772/; classtype:trojan-activity;sid:84562872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699773)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201711/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699773/; classtype:trojan-activity;sid:84562873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699774)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2024/06/av.scr"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699774/; classtype:trojan-activity;sid:84562874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699775)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201612/av.scr"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699775/; classtype:trojan-activity;sid:84562875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699766)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201701/av.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699766/; classtype:trojan-activity;sid:84562866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699767)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.89.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699767/; classtype:trojan-activity;sid:84562867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699768)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.196.38.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699768/; classtype:trojan-activity;sid:84562868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699769)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/repair_img/info.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699769/; classtype:trojan-activity;sid:84562869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699770)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/202007/video.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699770/; classtype:trojan-activity;sid:84562870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699762)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202508/photo.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699762/; classtype:trojan-activity;sid:84562862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699763)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202305/photo.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699763/; classtype:trojan-activity;sid:84562863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699764)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/empseal/video.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699764/; classtype:trojan-activity;sid:84562864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699765)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201607/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699765/; classtype:trojan-activity;sid:84562865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699758)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.83.99.27"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699758/; classtype:trojan-activity;sid:84562858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699759)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202105/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699759/; classtype:trojan-activity;sid:84562859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699760)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202009/photo.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699760/; classtype:trojan-activity;sid:84562860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699761)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202205/av.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699761/; classtype:trojan-activity;sid:84562861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699751)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/empseal/av.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699751/; classtype:trojan-activity;sid:84562851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699752)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/202102/av.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699752/; classtype:trojan-activity;sid:84562852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699753)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201603/video.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699753/; classtype:trojan-activity;sid:84562853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699754)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201608/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699754/; classtype:trojan-activity;sid:84562854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699755)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/userimage/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699755/; classtype:trojan-activity;sid:84562855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699756)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.81.115.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699756/; classtype:trojan-activity;sid:84562856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699757)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2025/06/photo.scr"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699757/; classtype:trojan-activity;sid:84562857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699749)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/video.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699749/; classtype:trojan-activity;sid:84562849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699750)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2025/06/video.scr"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699750/; classtype:trojan-activity;sid:84562850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699743)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202508/photo.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699743/; classtype:trojan-activity;sid:84562843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699744)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201907/photo.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699744/; classtype:trojan-activity;sid:84562844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699745)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202506/video.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699745/; classtype:trojan-activity;sid:84562845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699746)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202106/photo.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699746/; classtype:trojan-activity;sid:84562846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699747)"; flow:established,from_client; content:"GET"; http_method; content:"/program/taega/ipluspop/setup/info.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699747/; classtype:trojan-activity;sid:84562847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699748)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.118.243.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699748/; classtype:trojan-activity;sid:84562848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699739)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202103/photo.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699739/; classtype:trojan-activity;sid:84562839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699740)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201606/video.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699740/; classtype:trojan-activity;sid:84562840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699741)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/201607/av.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699741/; classtype:trojan-activity;sid:84562841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699742)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202112/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699742/; classtype:trojan-activity;sid:84562842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699735)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202406/photo.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699735/; classtype:trojan-activity;sid:84562835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699736)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201706/av.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699736/; classtype:trojan-activity;sid:84562836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699737)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.82.204.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699737/; classtype:trojan-activity;sid:84562837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699738)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2024/06/photo.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699738/; classtype:trojan-activity;sid:84562838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699732)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202008/av.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699732/; classtype:trojan-activity;sid:84562832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699733)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201704/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699733/; classtype:trojan-activity;sid:84562833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699734)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201804/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699734/; classtype:trojan-activity;sid:84562834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699726)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201903/av.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699726/; classtype:trojan-activity;sid:84562826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699727)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201804/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699727/; classtype:trojan-activity;sid:84562827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699728)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201710/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699728/; classtype:trojan-activity;sid:84562828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699729)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201806/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699729/; classtype:trojan-activity;sid:84562829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699730)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201805/video.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699730/; classtype:trojan-activity;sid:84562830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699731)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201608/av.scr"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699731/; classtype:trojan-activity;sid:84562831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699723)"; flow:established,from_client; content:"GET"; http_method; content:"/bilder/2010/anzug/photo.scr"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"92.116.223.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699723/; classtype:trojan-activity;sid:84562823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699724)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201610/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699724/; classtype:trojan-activity;sid:84562824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699725)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/image/ckeditorimage/2024/av.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699725/; classtype:trojan-activity;sid:84562825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699721)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.182.165.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699721/; classtype:trojan-activity;sid:84562821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699722)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/saledocu/info.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699722/; classtype:trojan-activity;sid:84562822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699718)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202405/av.scr"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699718/; classtype:trojan-activity;sid:84562818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699719)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/materialqcimage/photo.lnk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699719/; classtype:trojan-activity;sid:84562819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699720)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201806/video.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699720/; classtype:trojan-activity;sid:84562820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699709)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201707/photo.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699709/; classtype:trojan-activity;sid:84562809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699710)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/av.scr"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699710/; classtype:trojan-activity;sid:84562810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699711)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/201607/av.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699711/; classtype:trojan-activity;sid:84562811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699712)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201805/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699712/; classtype:trojan-activity;sid:84562812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699713)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202506/video.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699713/; classtype:trojan-activity;sid:84562813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699714)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/saledocu/202105/av.lnk"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699714/; classtype:trojan-activity;sid:84562814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699715)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.154.94.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699715/; classtype:trojan-activity;sid:84562815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699716)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201606/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699716/; classtype:trojan-activity;sid:84562816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699717)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.80.79.244"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699717/; classtype:trojan-activity;sid:84562817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699704)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/202003/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699704/; classtype:trojan-activity;sid:84562804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699705)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/empseal/av.scr"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699705/; classtype:trojan-activity;sid:84562805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699706)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/image/ckeditorimage/2024/05/photo.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699706/; classtype:trojan-activity;sid:84562806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699707)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201707/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699707/; classtype:trojan-activity;sid:84562807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699708)"; flow:established,from_client; content:"GET"; http_method; content:"/program/taega/ipluspop/infodb/av.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699708/; classtype:trojan-activity;sid:84562808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699702)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201606/av.scr"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699702/; classtype:trojan-activity;sid:84562802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699703)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201804/video.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699703/; classtype:trojan-activity;sid:84562803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699699)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/busiprocess/photo.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699699/; classtype:trojan-activity;sid:84562799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699700)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201610/photo.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699700/; classtype:trojan-activity;sid:84562800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699701)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201607/photo.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699701/; classtype:trojan-activity;sid:84562801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699697)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.85.26.104"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699697/; classtype:trojan-activity;sid:84562797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699698)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201903/photo.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699698/; classtype:trojan-activity;sid:84562798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699692)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201710/video.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699692/; classtype:trojan-activity;sid:84562792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699693)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/materialqcimage/av.scr"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699693/; classtype:trojan-activity;sid:84562793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699694)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201809/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699694/; classtype:trojan-activity;sid:84562794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699695)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202108/video.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699695/; classtype:trojan-activity;sid:84562795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699696)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/202008/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699696/; classtype:trojan-activity;sid:84562796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699690)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"83.171.160.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699690/; classtype:trojan-activity;sid:84562790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699691)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201705/photo.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699691/; classtype:trojan-activity;sid:84562791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699689)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.83.113.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699689/; classtype:trojan-activity;sid:84562789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699685)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.213.28.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699685/; classtype:trojan-activity;sid:84562785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699686)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201907/video.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699686/; classtype:trojan-activity;sid:84562786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699687)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201604/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699687/; classtype:trojan-activity;sid:84562787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699688)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202203/av.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699688/; classtype:trojan-activity;sid:84562788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699675)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201707/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699675/; classtype:trojan-activity;sid:84562775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699676)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"183.135.225.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699676/; classtype:trojan-activity;sid:84562776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699677)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/docuimage/video.scr"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699677/; classtype:trojan-activity;sid:84562777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699678)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201606/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699678/; classtype:trojan-activity;sid:84562778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699679)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/repair_img/av.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699679/; classtype:trojan-activity;sid:84562779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699680)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/library/202208/info.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699680/; classtype:trojan-activity;sid:84562780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699681)"; flow:established,from_client; content:"GET"; http_method; content:"/tinh_cuoc_xe/2025/thanh%20ti%c3%aan/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"103.226.249.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699681/; classtype:trojan-activity;sid:84562781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699682)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201701/av.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699682/; classtype:trojan-activity;sid:84562782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699683)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201702/video.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699683/; classtype:trojan-activity;sid:84562783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699684)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/inspecterrorimage/av.lnk"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699684/; classtype:trojan-activity;sid:84562784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699674)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"179.89.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699674/; classtype:trojan-activity;sid:84562774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699673)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201604/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699673/; classtype:trojan-activity;sid:84562773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699671)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201803/video.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699671/; classtype:trojan-activity;sid:84562771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699672)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.84.169.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699672/; classtype:trojan-activity;sid:84562772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699666)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202509/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699666/; classtype:trojan-activity;sid:84562766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699667)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201706/video.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699667/; classtype:trojan-activity;sid:84562767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699668)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"27.154.94.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699668/; classtype:trojan-activity;sid:84562768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699669)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201704/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699669/; classtype:trojan-activity;sid:84562769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699670)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/202007/photo.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699670/; classtype:trojan-activity;sid:84562770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699652)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2024/05/video.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699652/; classtype:trojan-activity;sid:84562752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699653)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/equipimage/av.lnk"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699653/; classtype:trojan-activity;sid:84562753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699654)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202008/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699654/; classtype:trojan-activity;sid:84562754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699655)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202007/video.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699655/; classtype:trojan-activity;sid:84562755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699656)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/image/video.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699656/; classtype:trojan-activity;sid:84562756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699657)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202202/av.scr"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699657/; classtype:trojan-activity;sid:84562757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699658)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2024/05/video.scr"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699658/; classtype:trojan-activity;sid:84562758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699659)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201806/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699659/; classtype:trojan-activity;sid:84562759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699660)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201707/photo.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699660/; classtype:trojan-activity;sid:84562760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699661)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201709/photo.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699661/; classtype:trojan-activity;sid:84562761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699662)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202202/video.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699662/; classtype:trojan-activity;sid:84562762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699663)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.135.225.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699663/; classtype:trojan-activity;sid:84562763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699664)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2024/05/photo.scr"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699664/; classtype:trojan-activity;sid:84562764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699665)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.154.94.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699665/; classtype:trojan-activity;sid:84562765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699651)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"190.196.38.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699651/; classtype:trojan-activity;sid:84562751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699649)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202112/video.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699649/; classtype:trojan-activity;sid:84562749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699650)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201610/video.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699650/; classtype:trojan-activity;sid:84562750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699646)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201705/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699646/; classtype:trojan-activity;sid:84562746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699647)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202305/video.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699647/; classtype:trojan-activity;sid:84562747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699648)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202009/av.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699648/; classtype:trojan-activity;sid:84562748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699641)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201807/photo.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699641/; classtype:trojan-activity;sid:84562741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699642)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.76.61.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699642/; classtype:trojan-activity;sid:84562742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699643)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/photo.scr"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699643/; classtype:trojan-activity;sid:84562743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699644)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201707/av.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699644/; classtype:trojan-activity;sid:84562744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699645)"; flow:established,from_client; content:"GET"; http_method; content:"/program/taega/ipluspop/infodb/photo.scr"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699645/; classtype:trojan-activity;sid:84562745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699631)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2024/info.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699631/; classtype:trojan-activity;sid:84562731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699632)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/emppic/av.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699632/; classtype:trojan-activity;sid:84562732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699633)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201701/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699633/; classtype:trojan-activity;sid:84562733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699634)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/av.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699634/; classtype:trojan-activity;sid:84562734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699635)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202101/video.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699635/; classtype:trojan-activity;sid:84562735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699636)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/av.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699636/; classtype:trojan-activity;sid:84562736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699637)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201512/av.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699637/; classtype:trojan-activity;sid:84562737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699638)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/sy/video.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699638/; classtype:trojan-activity;sid:84562738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699639)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201612/av.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699639/; classtype:trojan-activity;sid:84562739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699640)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/image/ckeditorimage/av.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699640/; classtype:trojan-activity;sid:84562740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699628)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202109/video.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699628/; classtype:trojan-activity;sid:84562728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699629)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.9.243.245"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699629/; classtype:trojan-activity;sid:84562729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699630)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.76.61.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699630/; classtype:trojan-activity;sid:84562730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699624)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202202/video.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699624/; classtype:trojan-activity;sid:84562724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699625)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201702/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699625/; classtype:trojan-activity;sid:84562725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699626)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201606/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699626/; classtype:trojan-activity;sid:84562726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699627)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201811/video.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699627/; classtype:trojan-activity;sid:84562727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699623)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.85.26.104"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699623/; classtype:trojan-activity;sid:84562723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699621)"; flow:established,from_client; content:"GET"; http_method; content:"/program/taega/ipluspop/update/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699621/; classtype:trojan-activity;sid:84562721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699622)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201803/photo.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699622/; classtype:trojan-activity;sid:84562722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699620)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201610/av.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699620/; classtype:trojan-activity;sid:84562720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699617)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202103/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699617/; classtype:trojan-activity;sid:84562717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699618)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2025/08/av.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699618/; classtype:trojan-activity;sid:84562718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699619)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.89.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699619/; classtype:trojan-activity;sid:84562719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699602)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"42.118.243.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699602/; classtype:trojan-activity;sid:84562702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699603)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699603/; classtype:trojan-activity;sid:84562703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699604)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/image/ckeditorimage/2024/05/av.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699604/; classtype:trojan-activity;sid:84562704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699605)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202301/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699605/; classtype:trojan-activity;sid:84562705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699606)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/202008/video.scr"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699606/; classtype:trojan-activity;sid:84562706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699607)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/202009/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699607/; classtype:trojan-activity;sid:84562707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699608)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201807/av.scr"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699608/; classtype:trojan-activity;sid:84562708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699609)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/202008/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699609/; classtype:trojan-activity;sid:84562709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699610)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/inspecterrorimage/photo.scr"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699610/; classtype:trojan-activity;sid:84562710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699611)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201711/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699611/; classtype:trojan-activity;sid:84562711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699612)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/materialimage/av.lnk"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699612/; classtype:trojan-activity;sid:84562712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699613)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/image/ckeditorimage/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699613/; classtype:trojan-activity;sid:84562713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699614)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/empseal/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699614/; classtype:trojan-activity;sid:84562714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699615)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201807/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699615/; classtype:trojan-activity;sid:84562715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699616)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/photo.scr"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699616/; classtype:trojan-activity;sid:84562716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699599)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202505/video.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699599/; classtype:trojan-activity;sid:84562699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699600)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201801/av.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699600/; classtype:trojan-activity;sid:84562700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699601)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201711/av.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699601/; classtype:trojan-activity;sid:84562701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699595)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"201.103.71.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699595/; classtype:trojan-activity;sid:84562695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699596)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201611/av.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699596/; classtype:trojan-activity;sid:84562696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699597)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201707/video.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699597/; classtype:trojan-activity;sid:84562697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699598)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201803/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699598/; classtype:trojan-activity;sid:84562698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699592)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/empstamp/photo.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699592/; classtype:trojan-activity;sid:84562692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699593)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201811/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699593/; classtype:trojan-activity;sid:84562693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699594)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.95.81.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699594/; classtype:trojan-activity;sid:84562694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699586)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699586/; classtype:trojan-activity;sid:84562686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699587)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201710/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699587/; classtype:trojan-activity;sid:84562687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699588)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201612/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699588/; classtype:trojan-activity;sid:84562688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699589)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/202008/video.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699589/; classtype:trojan-activity;sid:84562689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699590)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/image/ckeditorimage/2024/05/video.scr"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699590/; classtype:trojan-activity;sid:84562690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699591)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201701/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699591/; classtype:trojan-activity;sid:84562691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699584)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.84.169.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699584/; classtype:trojan-activity;sid:84562684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699585)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202109/av.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699585/; classtype:trojan-activity;sid:84562685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699581)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201706/photo.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699581/; classtype:trojan-activity;sid:84562681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699582)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/202008/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699582/; classtype:trojan-activity;sid:84562682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699583)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/image/ckeditorimage/2024/05/photo.scr"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699583/; classtype:trojan-activity;sid:84562683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699578)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"190.196.38.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699578/; classtype:trojan-activity;sid:84562678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699579)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202106/av.scr"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699579/; classtype:trojan-activity;sid:84562679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699580)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.118.243.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699580/; classtype:trojan-activity;sid:84562680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699577)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202105/video.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699577/; classtype:trojan-activity;sid:84562677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699569)"; flow:established,from_client; content:"GET"; http_method; content:"/program/taega/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699569/; classtype:trojan-activity;sid:84562669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699570)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2025/10/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699570/; classtype:trojan-activity;sid:84562670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699571)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201604/video.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699571/; classtype:trojan-activity;sid:84562671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699572)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/image/ckeditorimage/2024/05/video.lnk"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699572/; classtype:trojan-activity;sid:84562672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699573)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201701/photo.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699573/; classtype:trojan-activity;sid:84562673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699574)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201606/video.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699574/; classtype:trojan-activity;sid:84562674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699575)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2025/08/photo.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699575/; classtype:trojan-activity;sid:84562675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699576)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201603/av.scr"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699576/; classtype:trojan-activity;sid:84562676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699566)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201605/video.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699566/; classtype:trojan-activity;sid:84562666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699567)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201701/video.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699567/; classtype:trojan-activity;sid:84562667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699568)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202305/av.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699568/; classtype:trojan-activity;sid:84562668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699565)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/saledocu/202105/video.scr"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699565/; classtype:trojan-activity;sid:84562665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699563)"; flow:established,from_client; content:"GET"; http_method; content:"/program/taega/ipluspop/install/photo.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699563/; classtype:trojan-activity;sid:84562663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699564)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201609/video.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699564/; classtype:trojan-activity;sid:84562664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699562)"; flow:established,from_client; content:"GET"; http_method; content:"/bilder/2013/handy2013/whatsapp%20bilder/photo.scr"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"92.116.223.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699562/; classtype:trojan-activity;sid:84562662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699560)"; flow:established,from_client; content:"GET"; http_method; content:"/bilder/2011/berlin/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"92.116.223.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699560/; classtype:trojan-activity;sid:84562660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699561)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201805/av.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699561/; classtype:trojan-activity;sid:84562661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699559)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.84.169.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699559/; classtype:trojan-activity;sid:84562659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699556)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201907/video.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699556/; classtype:trojan-activity;sid:84562656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699557)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/av.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699557/; classtype:trojan-activity;sid:84562657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699558)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/sy/info.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699558/; classtype:trojan-activity;sid:84562658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699547)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/202012/video.scr"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699547/; classtype:trojan-activity;sid:84562647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699548)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202106/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699548/; classtype:trojan-activity;sid:84562648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699549)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201907/av.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699549/; classtype:trojan-activity;sid:84562649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699550)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2025/08/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699550/; classtype:trojan-activity;sid:84562650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699551)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201607/av.scr"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699551/; classtype:trojan-activity;sid:84562651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699552)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/busiprocess/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699552/; classtype:trojan-activity;sid:84562652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699553)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2025/08/video.lnk"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699553/; classtype:trojan-activity;sid:84562653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699554)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/202102/av.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699554/; classtype:trojan-activity;sid:84562654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699555)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201703/av.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699555/; classtype:trojan-activity;sid:84562655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699544)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201702/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699544/; classtype:trojan-activity;sid:84562644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699545)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202103/av.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699545/; classtype:trojan-activity;sid:84562645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699546)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201804/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699546/; classtype:trojan-activity;sid:84562646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699543)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"42.118.243.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699543/; classtype:trojan-activity;sid:84562643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699540)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201711/photo.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699540/; classtype:trojan-activity;sid:84562640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699541)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202110/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699541/; classtype:trojan-activity;sid:84562641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699542)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201609/photo.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699542/; classtype:trojan-activity;sid:84562642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699538)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/201607/photo.scr"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699538/; classtype:trojan-activity;sid:84562638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699539)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.182.165.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699539/; classtype:trojan-activity;sid:84562639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699528)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201608/photo.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699528/; classtype:trojan-activity;sid:84562628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699529)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"189.177.10.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699529/; classtype:trojan-activity;sid:84562629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699530)"; flow:established,from_client; content:"GET"; http_method; content:"/program/taega/ipluspop/infodb/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699530/; classtype:trojan-activity;sid:84562630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699531)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2024/05/av.scr"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699531/; classtype:trojan-activity;sid:84562631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699532)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201605/video.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699532/; classtype:trojan-activity;sid:84562632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699533)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202104/video.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699533/; classtype:trojan-activity;sid:84562633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699534)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201612/photo.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699534/; classtype:trojan-activity;sid:84562634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699535)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/saledocu/202105/av.scr"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699535/; classtype:trojan-activity;sid:84562635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699536)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201705/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699536/; classtype:trojan-activity;sid:84562636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699537)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"117.28.108.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699537/; classtype:trojan-activity;sid:84562637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699525)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201806/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699525/; classtype:trojan-activity;sid:84562625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699526)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201805/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699526/; classtype:trojan-activity;sid:84562626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699527)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/inspecterrorimage/video.scr"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699527/; classtype:trojan-activity;sid:84562627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699521)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2025/09/photo.scr"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699521/; classtype:trojan-activity;sid:84562621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699522)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/image/ckeditorimage/video.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699522/; classtype:trojan-activity;sid:84562622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699523)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/msgaddfiles/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699523/; classtype:trojan-activity;sid:84562623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699524)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.154.94.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699524/; classtype:trojan-activity;sid:84562624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699518)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/202009/av.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699518/; classtype:trojan-activity;sid:84562618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699519)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202103/video.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699519/; classtype:trojan-activity;sid:84562619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699520)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201806/photo.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699520/; classtype:trojan-activity;sid:84562620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699513)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202108/video.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699513/; classtype:trojan-activity;sid:84562613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699514)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201705/video.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699514/; classtype:trojan-activity;sid:84562614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699515)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/msgaddfiles/video.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699515/; classtype:trojan-activity;sid:84562615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699516)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201602/video.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699516/; classtype:trojan-activity;sid:84562616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699517)"; flow:established,from_client; content:"GET"; http_method; content:"/bilder/2010/anh%c3%a4nger/photo.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"92.116.223.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699517/; classtype:trojan-activity;sid:84562617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699506)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201702/video.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699506/; classtype:trojan-activity;sid:84562606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699507)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2024/06/photo.scr"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699507/; classtype:trojan-activity;sid:84562607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699508)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201807/video.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699508/; classtype:trojan-activity;sid:84562608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699509)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201803/av.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699509/; classtype:trojan-activity;sid:84562609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699510)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/image/ckeditorimage/photo.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699510/; classtype:trojan-activity;sid:84562610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699511)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.209.139.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699511/; classtype:trojan-activity;sid:84562611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699512)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2024/06/av.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699512/; classtype:trojan-activity;sid:84562612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699501)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202506/av.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699501/; classtype:trojan-activity;sid:84562601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699502)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.80.16.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699502/; classtype:trojan-activity;sid:84562602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699503)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201706/av.scr"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699503/; classtype:trojan-activity;sid:84562603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699504)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/saledocu/202105/video.lnk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699504/; classtype:trojan-activity;sid:84562604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699505)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201802/av.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699505/; classtype:trojan-activity;sid:84562605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699499)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201601/video.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699499/; classtype:trojan-activity;sid:84562599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699500)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2025/09/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699500/; classtype:trojan-activity;sid:84562600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699498)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"42.118.243.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699498/; classtype:trojan-activity;sid:84562598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699496)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202112/photo.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699496/; classtype:trojan-activity;sid:84562596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699497)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.83.99.27"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699497/; classtype:trojan-activity;sid:84562597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699495)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.82.138.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699495/; classtype:trojan-activity;sid:84562595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699493)"; flow:established,from_client; content:"GET"; http_method; content:"/bilder/2011/collagen/photo.scr"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"92.116.223.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699493/; classtype:trojan-activity;sid:84562593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699494)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/emppic/av.scr"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699494/; classtype:trojan-activity;sid:84562594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699484)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/202007/av.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699484/; classtype:trojan-activity;sid:84562584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699485)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202009/video.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699485/; classtype:trojan-activity;sid:84562585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699486)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201511/av.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699486/; classtype:trojan-activity;sid:84562586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699487)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202405/av.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699487/; classtype:trojan-activity;sid:84562587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699488)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/image/ckeditorimage/2024/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699488/; classtype:trojan-activity;sid:84562588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699489)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201702/photo.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699489/; classtype:trojan-activity;sid:84562589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699490)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/202009/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699490/; classtype:trojan-activity;sid:84562590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699491)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/202008/av.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699491/; classtype:trojan-activity;sid:84562591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699492)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/202009/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699492/; classtype:trojan-activity;sid:84562592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699482)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"183.135.225.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699482/; classtype:trojan-activity;sid:84562582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699483)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"110.81.115.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699483/; classtype:trojan-activity;sid:84562583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699475)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2025/11/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699475/; classtype:trojan-activity;sid:84562575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699476)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/empseal/photo.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699476/; classtype:trojan-activity;sid:84562576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699477)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201805/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699477/; classtype:trojan-activity;sid:84562577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699478)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201608/av.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699478/; classtype:trojan-activity;sid:84562578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699479)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201706/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699479/; classtype:trojan-activity;sid:84562579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699480)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201705/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699480/; classtype:trojan-activity;sid:84562580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699481)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201609/av.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699481/; classtype:trojan-activity;sid:84562581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699474)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/repair_img/av.scr"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699474/; classtype:trojan-activity;sid:84562574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699467)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.213.28.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699467/; classtype:trojan-activity;sid:84562567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699468)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"187.213.28.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699468/; classtype:trojan-activity;sid:84562568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699469)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201511/video.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699469/; classtype:trojan-activity;sid:84562569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699470)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"187.213.28.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699470/; classtype:trojan-activity;sid:84562570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699471)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/202009/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699471/; classtype:trojan-activity;sid:84562571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699472)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.80.56.91"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699472/; classtype:trojan-activity;sid:84562572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699473)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.80.79.244"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699473/; classtype:trojan-activity;sid:84562573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699455)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201602/av.scr"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699455/; classtype:trojan-activity;sid:84562555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699456)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/202012/photo.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699456/; classtype:trojan-activity;sid:84562556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699457)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202104/av.scr"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699457/; classtype:trojan-activity;sid:84562557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699458)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202104/video.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699458/; classtype:trojan-activity;sid:84562558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699459)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.53.178.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699459/; classtype:trojan-activity;sid:84562559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699460)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201602/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699460/; classtype:trojan-activity;sid:84562560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699461)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202104/photo.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699461/; classtype:trojan-activity;sid:84562561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699462)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.53.178.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699462/; classtype:trojan-activity;sid:84562562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699463)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201708/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699463/; classtype:trojan-activity;sid:84562563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699464)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/202003/photo.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699464/; classtype:trojan-activity;sid:84562564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699465)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/empstamp/av.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699465/; classtype:trojan-activity;sid:84562565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699466)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2025/06/av.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699466/; classtype:trojan-activity;sid:84562566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699449)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201707/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699449/; classtype:trojan-activity;sid:84562549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699450)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202107/video.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699450/; classtype:trojan-activity;sid:84562550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699451)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201612/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699451/; classtype:trojan-activity;sid:84562551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699452)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201907/video.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699452/; classtype:trojan-activity;sid:84562552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699453)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2024/06/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699453/; classtype:trojan-activity;sid:84562553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699454)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201704/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699454/; classtype:trojan-activity;sid:84562554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699448)"; flow:established,from_client; content:"GET"; http_method; content:"/bilder/2011/t%c3%bcrkei2011/photo.scr"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"92.116.223.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699448/; classtype:trojan-activity;sid:84562548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699447)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.178.6.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699447/; classtype:trojan-activity;sid:84562547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699446)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/empstamp/photo.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699446/; classtype:trojan-activity;sid:84562546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699445)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202009/av.scr"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699445/; classtype:trojan-activity;sid:84562545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699433)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202110/video.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699433/; classtype:trojan-activity;sid:84562533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699434)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201610/photo.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699434/; classtype:trojan-activity;sid:84562534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699435)"; flow:established,from_client; content:"GET"; http_method; content:"/program/taega/ipluspop/info.zip"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699435/; classtype:trojan-activity;sid:84562535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699436)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202105/av.lnk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699436/; classtype:trojan-activity;sid:84562536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699437)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/msg/photo.lnk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699437/; classtype:trojan-activity;sid:84562537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699438)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202101/photo.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699438/; classtype:trojan-activity;sid:84562538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699439)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.83.5.119"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699439/; classtype:trojan-activity;sid:84562539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699440)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2025/07/photo.scr"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699440/; classtype:trojan-activity;sid:84562540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699441)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/empstamp/info.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699441/; classtype:trojan-activity;sid:84562541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699442)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201906/video.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699442/; classtype:trojan-activity;sid:84562542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699443)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201801/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699443/; classtype:trojan-activity;sid:84562543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699444)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202105/av.scr"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699444/; classtype:trojan-activity;sid:84562544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699427)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202109/av.scr"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699427/; classtype:trojan-activity;sid:84562527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699428)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"163.53.178.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699428/; classtype:trojan-activity;sid:84562528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699429)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201811/video.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699429/; classtype:trojan-activity;sid:84562529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699430)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/materialqcimage/av.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699430/; classtype:trojan-activity;sid:84562530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699431)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202102/photo.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699431/; classtype:trojan-activity;sid:84562531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699432)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202010/photo.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699432/; classtype:trojan-activity;sid:84562532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699424)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201611/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699424/; classtype:trojan-activity;sid:84562524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699425)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201708/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699425/; classtype:trojan-activity;sid:84562525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699426)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/image/av.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699426/; classtype:trojan-activity;sid:84562526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699422)"; flow:established,from_client; content:"GET"; http_method; content:"/program/taega/ipluspop/install/video.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699422/; classtype:trojan-activity;sid:84562522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699423)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201606/photo.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699423/; classtype:trojan-activity;sid:84562523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699421)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201709/video.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699421/; classtype:trojan-activity;sid:84562521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699419)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.85.26.104"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699419/; classtype:trojan-activity;sid:84562519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699420)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.182.165.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699420/; classtype:trojan-activity;sid:84562520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699415)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.76.61.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699415/; classtype:trojan-activity;sid:84562515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699416)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202104/photo.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699416/; classtype:trojan-activity;sid:84562516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699417)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201610/photo.scr"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699417/; classtype:trojan-activity;sid:84562517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699418)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/msg/video.scr"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699418/; classtype:trojan-activity;sid:84562518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699410)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201611/av.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699410/; classtype:trojan-activity;sid:84562510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699411)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201603/video.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699411/; classtype:trojan-activity;sid:84562511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699412)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201801/av.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699412/; classtype:trojan-activity;sid:84562512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699413)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202107/photo.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699413/; classtype:trojan-activity;sid:84562513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699414)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201603/av.scr"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699414/; classtype:trojan-activity;sid:84562514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699406)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/video.scr"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699406/; classtype:trojan-activity;sid:84562506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699407)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201610/video.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699407/; classtype:trojan-activity;sid:84562507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699408)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202406/photo.lnk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699408/; classtype:trojan-activity;sid:84562508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699409)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201803/video.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699409/; classtype:trojan-activity;sid:84562509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699399)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/repair_img/video.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699399/; classtype:trojan-activity;sid:84562499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699400)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201608/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699400/; classtype:trojan-activity;sid:84562500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699401)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201704/video.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699401/; classtype:trojan-activity;sid:84562501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699402)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201603/video.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699402/; classtype:trojan-activity;sid:84562502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699403)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201603/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699403/; classtype:trojan-activity;sid:84562503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699404)"; flow:established,from_client; content:"GET"; http_method; content:"/program/taega/bk/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699404/; classtype:trojan-activity;sid:84562504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699405)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2024/05/av.lnk"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699405/; classtype:trojan-activity;sid:84562505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699397)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201903/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699397/; classtype:trojan-activity;sid:84562497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699398)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201511/video.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699398/; classtype:trojan-activity;sid:84562498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699395)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2024/photo.scr"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699395/; classtype:trojan-activity;sid:84562495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699396)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/emppic/photo.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699396/; classtype:trojan-activity;sid:84562496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699393)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201612/photo.scr"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699393/; classtype:trojan-activity;sid:84562493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699394)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"2.194.81.0"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699394/; classtype:trojan-activity;sid:84562494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699391)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202105/photo.scr"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699391/; classtype:trojan-activity;sid:84562491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699392)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/202009/photo.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699392/; classtype:trojan-activity;sid:84562492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699380)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201607/av.lnk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699380/; classtype:trojan-activity;sid:84562480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699381)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201801/photo.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699381/; classtype:trojan-activity;sid:84562481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699382)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/materialqcimage/info.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699382/; classtype:trojan-activity;sid:84562482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699383)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201806/av.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699383/; classtype:trojan-activity;sid:84562483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699384)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201610/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699384/; classtype:trojan-activity;sid:84562484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699385)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture1/201710/av.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699385/; classtype:trojan-activity;sid:84562485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699386)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/video.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699386/; classtype:trojan-activity;sid:84562486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699387)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/docu/202202/info.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699387/; classtype:trojan-activity;sid:84562487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699388)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.76.61.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699388/; classtype:trojan-activity;sid:84562488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699389)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/sy/av.lnk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699389/; classtype:trojan-activity;sid:84562489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699390)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/library/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699390/; classtype:trojan-activity;sid:84562490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699371)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp_133-81-23281/image/ckeditorimage/2025/05/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699371/; classtype:trojan-activity;sid:84562471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699372)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/msg/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699372/; classtype:trojan-activity;sid:84562472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699373)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201803/av.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699373/; classtype:trojan-activity;sid:84562473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699374)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201604/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699374/; classtype:trojan-activity;sid:84562474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699375)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201703/video.lnk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699375/; classtype:trojan-activity;sid:84562475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699376)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/docu/201811/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699376/; classtype:trojan-activity;sid:84562476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699377)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/library/201607/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699377/; classtype:trojan-activity;sid:84562477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699378)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/itempicture/201612/video.lnk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699378/; classtype:trojan-activity;sid:84562478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699379)"; flow:established,from_client; content:"GET"; http_method; content:"/wf_ftp/sy/video.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"211.169.231.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699379/; classtype:trojan-activity;sid:84562479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699370)"; flow:established,from_client; content:"GET"; http_method; content:"/crypted_guardfile.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"196.251.115.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699370/; classtype:trojan-activity;sid:84562470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699369)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.122.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699369/; classtype:trojan-activity;sid:84562469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699368)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.26.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699368/; classtype:trojan-activity;sid:84562468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699367)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.62.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699367/; classtype:trojan-activity;sid:84562467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699366)"; flow:established,from_client; content:"GET"; http_method; content:"/9jkxaoby"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"feuer.emberkranz.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699366/; classtype:trojan-activity;sid:84562466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699365)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.226.29.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699365/; classtype:trojan-activity;sid:84562465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699364)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.198.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699364/; classtype:trojan-activity;sid:84562464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699363)"; flow:established,from_client; content:"GET"; http_method; content:"/eb0us0xz"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"spark.flintwerder.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699363/; classtype:trojan-activity;sid:84562463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699362)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.247.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699362/; classtype:trojan-activity;sid:84562462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699361)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.93.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699361/; classtype:trojan-activity;sid:84562461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699360)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.206.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699360/; classtype:trojan-activity;sid:84562460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699359)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.94.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699359/; classtype:trojan-activity;sid:84562459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699358)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.62.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699358/; classtype:trojan-activity;sid:84562458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699357)"; flow:established,from_client; content:"GET"; http_method; content:"/bpv5rl0x"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"stein.flintwerder.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699357/; classtype:trojan-activity;sid:84562457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699356)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.110.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699356/; classtype:trojan-activity;sid:84562456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699355)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.186.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699355/; classtype:trojan-activity;sid:84562455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699354)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.50.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699354/; classtype:trojan-activity;sid:84562454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699352)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.96.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699352/; classtype:trojan-activity;sid:84562452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699353)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.71.212.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699353/; classtype:trojan-activity;sid:84562453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699351)"; flow:established,from_client; content:"GET"; http_method; content:"/ke9a0rea"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"pfad.zirconweg.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699351/; classtype:trojan-activity;sid:84562451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699350)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.77.146.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699350/; classtype:trojan-activity;sid:84562450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699349)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.187.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699349/; classtype:trojan-activity;sid:84562449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699348)"; flow:established,from_client; content:"GET"; http_method; content:"/go0zsgvg"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"grat.citrinewald.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699348/; classtype:trojan-activity;sid:84562448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699347)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.50.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699347/; classtype:trojan-activity;sid:84562447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699346)"; flow:established,from_client; content:"GET"; http_method; content:"/0hswntbr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"licht.citrinewald.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699346/; classtype:trojan-activity;sid:84562446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699344)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.65.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699344/; classtype:trojan-activity;sid:84562444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699345)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.167.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699345/; classtype:trojan-activity;sid:84562445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699343)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.71.212.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699343/; classtype:trojan-activity;sid:84562443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699342)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.246.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699342/; classtype:trojan-activity;sid:84562442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699338)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.72.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699338/; classtype:trojan-activity;sid:84562438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699339)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"196.251.72.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699339/; classtype:trojan-activity;sid:84562439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699340)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"196.251.72.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699340/; classtype:trojan-activity;sid:84562440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699341)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"196.251.72.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699341/; classtype:trojan-activity;sid:84562441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699337)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.77.146.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699337/; classtype:trojan-activity;sid:84562437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699336)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.72.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699336/; classtype:trojan-activity;sid:84562436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699335)"; flow:established,from_client; content:"GET"; http_method; content:"/sh81vyks"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"amber.citrinewald.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699335/; classtype:trojan-activity;sid:84562435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699334)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.79.78.35"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699334/; classtype:trojan-activity;sid:84562434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699333)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.85.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699333/; classtype:trojan-activity;sid:84562433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699332)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.172.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699332/; classtype:trojan-activity;sid:84562432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699331)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.6.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699331/; classtype:trojan-activity;sid:84562431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699330)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.89.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699330/; classtype:trojan-activity;sid:84562430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699329)"; flow:established,from_client; content:"GET"; http_method; content:"/o1yz81kj"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"rune.jasperhain.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699329/; classtype:trojan-activity;sid:84562429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699328)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.167.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699328/; classtype:trojan-activity;sid:84562428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699327)"; flow:established,from_client; content:"GET"; http_method; content:"/7ey5ni4q"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"moor.jasperhain.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699327/; classtype:trojan-activity;sid:84562427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699326)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.246.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699326/; classtype:trojan-activity;sid:84562426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699325)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.68.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699325/; classtype:trojan-activity;sid:84562425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699324)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.124.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699324/; classtype:trojan-activity;sid:84562424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699323)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.89.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699323/; classtype:trojan-activity;sid:84562423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699322)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.228.152.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699322/; classtype:trojan-activity;sid:84562422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699321)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.47.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699321/; classtype:trojan-activity;sid:84562421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699320)"; flow:established,from_client; content:"GET"; http_method; content:"/wiwam7w1"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"raum.rubyraum.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699320/; classtype:trojan-activity;sid:84562420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699319)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.72.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699319/; classtype:trojan-activity;sid:84562419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699318)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.126.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699318/; classtype:trojan-activity;sid:84562418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699317)"; flow:established,from_client; content:"GET"; http_method; content:"/ogjbgw8x"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ruby.rubyraum.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699317/; classtype:trojan-activity;sid:84562417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699316)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.152.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699316/; classtype:trojan-activity;sid:84562416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699315)"; flow:established,from_client; content:"GET"; http_method; content:"/owpvpwiu"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"gruen.jadeecke.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699315/; classtype:trojan-activity;sid:84562415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699314)"; flow:established,from_client; content:"GET"; http_method; content:"/9l2hf9nq"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ecke.jadeecke.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699314/; classtype:trojan-activity;sid:84562414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699313)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.124.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699313/; classtype:trojan-activity;sid:84562413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699312)"; flow:established,from_client; content:"GET"; http_method; content:"/y3acdabb"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"jade.jadeecke.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699312/; classtype:trojan-activity;sid:84562412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699311)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.114.224.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699311/; classtype:trojan-activity;sid:84562411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699310)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.206.47.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699310/; classtype:trojan-activity;sid:84562410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699309)"; flow:established,from_client; content:"GET"; http_method; content:"/1joe84jp"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"wind.hawkmast.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699309/; classtype:trojan-activity;sid:84562409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699308)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.59.247.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699308/; classtype:trojan-activity;sid:84562408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699307)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"222.246.109.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699307/; classtype:trojan-activity;sid:84562407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699306)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.53.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699306/; classtype:trojan-activity;sid:84562406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699305)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.127.63.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699305/; classtype:trojan-activity;sid:84562405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699304)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.130.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699304/; classtype:trojan-activity;sid:84562404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699303)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.239.83.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699303/; classtype:trojan-activity;sid:84562403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699302)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.255.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699302/; classtype:trojan-activity;sid:84562402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699301)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.206.47.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699301/; classtype:trojan-activity;sid:84562401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699300)"; flow:established,from_client; content:"GET"; http_method; content:"/yy6jhe7f"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"0er.owlflug.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699300/; classtype:trojan-activity;sid:84562400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699299)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.94.199.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699299/; classtype:trojan-activity;sid:84562399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699298)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.127.63.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699298/; classtype:trojan-activity;sid:84562398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699297)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.130.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699297/; classtype:trojan-activity;sid:84562397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699296)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.48.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699296/; classtype:trojan-activity;sid:84562396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699295)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.53.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699295/; classtype:trojan-activity;sid:84562395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699294)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.232.175.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699294/; classtype:trojan-activity;sid:84562394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699293)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.191.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699293/; classtype:trojan-activity;sid:84562393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699292)"; flow:established,from_client; content:"GET"; http_method; content:"/h6yfzjcw"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"23.heronturm.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699292/; classtype:trojan-activity;sid:84562392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699291)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.48.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699291/; classtype:trojan-activity;sid:84562391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699290)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.33.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699290/; classtype:trojan-activity;sid:84562390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699289)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.173.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699289/; classtype:trojan-activity;sid:84562389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699288)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.121.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699288/; classtype:trojan-activity;sid:84562388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699287)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.33.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699287/; classtype:trojan-activity;sid:84562387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699286)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.182.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699286/; classtype:trojan-activity;sid:84562386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699285)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.115.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699285/; classtype:trojan-activity;sid:84562385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699284)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.232.175.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699284/; classtype:trojan-activity;sid:84562384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699283)"; flow:established,from_client; content:"GET"; http_method; content:"/ai18js1b"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"schiff.pumaschiff.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699283/; classtype:trojan-activity;sid:84562383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699282)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.95.125"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699282/; classtype:trojan-activity;sid:84562382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699281)"; flow:established,from_client; content:"GET"; http_method; content:"/td44cy8s"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"claw.tigerzaun.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699281/; classtype:trojan-activity;sid:84562381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699280)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.194.28.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699280/; classtype:trojan-activity;sid:84562380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699279)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.121.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699279/; classtype:trojan-activity;sid:84562379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699270)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.121.84.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699270/; classtype:trojan-activity;sid:84562370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699271)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.x86_64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"87.121.84.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699271/; classtype:trojan-activity;sid:84562371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699272)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.armv7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"87.121.84.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699272/; classtype:trojan-activity;sid:84562372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699273)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.armv6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"87.121.84.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699273/; classtype:trojan-activity;sid:84562373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699274)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.mipsel"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"87.121.84.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699274/; classtype:trojan-activity;sid:84562374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699275)"; flow:established,from_client; content:"GET"; http_method; content:"/ipcam.goahead-rep.sh"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.121.84.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699275/; classtype:trojan-activity;sid:84562375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699276)"; flow:established,from_client; content:"GET"; http_method; content:"/dvr.jaws.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"87.121.84.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699276/; classtype:trojan-activity;sid:84562376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699277)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.aarch64"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"87.121.84.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699277/; classtype:trojan-activity;sid:84562377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699278)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.armv5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"87.121.84.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699278/; classtype:trojan-activity;sid:84562378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699269)"; flow:established,from_client; content:"GET"; http_method; content:"/dvr.tvt-rep.sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"87.121.84.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699269/; classtype:trojan-activity;sid:84562369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699266)"; flow:established,from_client; content:"GET"; http_method; content:"/dvr.lilin-rep.sh"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"87.121.84.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699266/; classtype:trojan-activity;sid:84562366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699267)"; flow:established,from_client; content:"GET"; http_method; content:"/router.lblink-rep.sh"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"87.121.84.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699267/; classtype:trojan-activity;sid:84562367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699268)"; flow:established,from_client; content:"GET"; http_method; content:"/frost.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"87.121.84.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699268/; classtype:trojan-activity;sid:84562368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699265)"; flow:established,from_client; content:"GET"; http_method; content:"/hlryqtcq"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"zaun.tigerzaun.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699265/; classtype:trojan-activity;sid:84562365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699264)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.194.28.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699264/; classtype:trojan-activity;sid:84562364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699263)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.182.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699263/; classtype:trojan-activity;sid:84562363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699261)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.155.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699261/; classtype:trojan-activity;sid:84562361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699262)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.95.125"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699262/; classtype:trojan-activity;sid:84562362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699260)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.50.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699260/; classtype:trojan-activity;sid:84562360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699259)"; flow:established,from_client; content:"GET"; http_method; content:"/ncgq3k2q"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"tiger.tigerzaun.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699259/; classtype:trojan-activity;sid:84562359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699258)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.173.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699258/; classtype:trojan-activity;sid:84562358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699257)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.232.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699257/; classtype:trojan-activity;sid:84562357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699256)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.52.132.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699256/; classtype:trojan-activity;sid:84562356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699254)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.178.218.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699254/; classtype:trojan-activity;sid:84562354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699255)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.122.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699255/; classtype:trojan-activity;sid:84562355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699253)"; flow:established,from_client; content:"GET"; http_method; content:"/jvrp3w4w"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"zeit.cranezeit.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699253/; classtype:trojan-activity;sid:84562353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699252)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.188.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699252/; classtype:trojan-activity;sid:84562352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699251)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.155.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699251/; classtype:trojan-activity;sid:84562351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699250)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.106.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699250/; classtype:trojan-activity;sid:84562350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699249)"; flow:established,from_client; content:"GET"; http_method; content:"/b3"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"84.234.96.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699249/; classtype:trojan-activity;sid:84562349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699248)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.58.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699248/; classtype:trojan-activity;sid:84562348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699247)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.103.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699247/; classtype:trojan-activity;sid:84562347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699246)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.188.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699246/; classtype:trojan-activity;sid:84562346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699245)"; flow:established,from_client; content:"GET"; http_method; content:"/kpxajo1x"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"wolke.cloudkreis.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699245/; classtype:trojan-activity;sid:84562345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699240)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mpsl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"196.251.72.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699240/; classtype:trojan-activity;sid:84562340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699241)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mips"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"196.251.72.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699241/; classtype:trojan-activity;sid:84562341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699242)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"196.251.72.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699242/; classtype:trojan-activity;sid:84562342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699243)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.ppc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"196.251.72.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699243/; classtype:trojan-activity;sid:84562343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699244)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.spc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"196.251.72.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699244/; classtype:trojan-activity;sid:84562344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699235)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"196.251.72.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699235/; classtype:trojan-activity;sid:84562335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699236)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/debug"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"196.251.72.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699236/; classtype:trojan-activity;sid:84562336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699237)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86_64"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"196.251.72.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699237/; classtype:trojan-activity;sid:84562337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699238)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.sh4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"196.251.72.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699238/; classtype:trojan-activity;sid:84562338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699239)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"196.251.72.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699239/; classtype:trojan-activity;sid:84562339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699230)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"196.251.72.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699230/; classtype:trojan-activity;sid:84562330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699231)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.m68k"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"196.251.72.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699231/; classtype:trojan-activity;sid:84562331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699232)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm5"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"196.251.72.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699232/; classtype:trojan-activity;sid:84562332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699233)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i686"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"196.251.72.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699233/; classtype:trojan-activity;sid:84562333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699234)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"196.251.72.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699234/; classtype:trojan-activity;sid:84562334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699229)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.174.75.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699229/; classtype:trojan-activity;sid:84562329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699228)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.178.218.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699228/; classtype:trojan-activity;sid:84562328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699226)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.122.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699226/; classtype:trojan-activity;sid:84562326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699227)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.52.132.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699227/; classtype:trojan-activity;sid:84562327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699225)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.106.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699225/; classtype:trojan-activity;sid:84562325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699224)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.124.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699224/; classtype:trojan-activity;sid:84562324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699223)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.79.109.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699223/; classtype:trojan-activity;sid:84562323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699222)"; flow:established,from_client; content:"GET"; http_method; content:"/5wcp9zlz"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cloud.cloudkreis.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699222/; classtype:trojan-activity;sid:84562322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699221)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.174.75.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699221/; classtype:trojan-activity;sid:84562321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699220)"; flow:established,from_client; content:"GET"; http_method; content:"/yc5cwobj"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"rad.rainrad.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699220/; classtype:trojan-activity;sid:84562320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699219)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.108.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699219/; classtype:trojan-activity;sid:84562319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699218)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.124.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699218/; classtype:trojan-activity;sid:84562318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699217)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.222.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699217/; classtype:trojan-activity;sid:84562317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699216)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.202.87.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699216/; classtype:trojan-activity;sid:84562316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699215)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.60.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699215/; classtype:trojan-activity;sid:84562315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699214)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.0.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699214/; classtype:trojan-activity;sid:84562314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699213)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.251.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699213/; classtype:trojan-activity;sid:84562313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699212)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.235.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699212/; classtype:trojan-activity;sid:84562312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699211)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.86.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699211/; classtype:trojan-activity;sid:84562311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699210)"; flow:established,from_client; content:"GET"; http_method; content:"/b4xcsunm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"weg.otterweg.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699210/; classtype:trojan-activity;sid:84562310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699209)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.36.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699209/; classtype:trojan-activity;sid:84562309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699208)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.98.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699208/; classtype:trojan-activity;sid:84562308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699207)"; flow:established,from_client; content:"GET"; http_method; content:"/j0yfvhmy"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"otter.otterweg.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699207/; classtype:trojan-activity;sid:84562307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699206)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.202.87.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699206/; classtype:trojan-activity;sid:84562306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699205)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.108.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699205/; classtype:trojan-activity;sid:84562305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699204)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.60.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699204/; classtype:trojan-activity;sid:84562304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699203)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.251.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699203/; classtype:trojan-activity;sid:84562303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699202)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.235.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699202/; classtype:trojan-activity;sid:84562302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699201)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.66.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699201/; classtype:trojan-activity;sid:84562301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699200)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.191.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699200/; classtype:trojan-activity;sid:84562300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699199)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.182.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699199/; classtype:trojan-activity;sid:84562299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699198)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.36.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699198/; classtype:trojan-activity;sid:84562298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699197)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.164.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699197/; classtype:trojan-activity;sid:84562297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699196)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.95.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699196/; classtype:trojan-activity;sid:84562296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699195)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.17.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699195/; classtype:trojan-activity;sid:84562295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699194)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.108.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699194/; classtype:trojan-activity;sid:84562294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699193)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.80.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699193/; classtype:trojan-activity;sid:84562293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699192)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.135.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699192/; classtype:trojan-activity;sid:84562292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699191)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.234.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699191/; classtype:trojan-activity;sid:84562291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699190)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.222.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699190/; classtype:trojan-activity;sid:84562290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699189)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7323453331/wwae789.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699189/; classtype:trojan-activity;sid:84562289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699188)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.247.88.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699188/; classtype:trojan-activity;sid:84562288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699187)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.182.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699187/; classtype:trojan-activity;sid:84562287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699186)"; flow:established,from_client; content:"GET"; http_method; content:"/e5a5yll8"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"feld.harewinkel.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699186/; classtype:trojan-activity;sid:84562286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699185)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.95.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699185/; classtype:trojan-activity;sid:84562285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699184)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.79.78.35"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699184/; classtype:trojan-activity;sid:84562284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699183)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.164.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699183/; classtype:trojan-activity;sid:84562283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699182)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.164.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699182/; classtype:trojan-activity;sid:84562282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699181)"; flow:established,from_client; content:"GET"; http_method; content:"/9rzq58a5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"winkel.harewinkel.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699181/; classtype:trojan-activity;sid:84562281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699180)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.222.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699180/; classtype:trojan-activity;sid:84562280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699179)"; flow:established,from_client; content:"GET"; http_method; content:"/24lxa1im"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"hare.harewinkel.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699179/; classtype:trojan-activity;sid:84562279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699178)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.173.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699178/; classtype:trojan-activity;sid:84562278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699177)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.206.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699177/; classtype:trojan-activity;sid:84562277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699176)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.234.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699176/; classtype:trojan-activity;sid:84562276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699175)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.247.88.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699175/; classtype:trojan-activity;sid:84562275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699174)"; flow:established,from_client; content:"GET"; http_method; content:"/fsvprq1h"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"wald.martenhain.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699174/; classtype:trojan-activity;sid:84562274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699173)"; flow:established,from_client; content:"GET"; http_method; content:"/zcqa8b0c"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"hain.martenhain.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699173/; classtype:trojan-activity;sid:84562273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699172)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.28.230.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699172/; classtype:trojan-activity;sid:84562272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699171)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.110.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699171/; classtype:trojan-activity;sid:84562271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699170)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.177.181.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699170/; classtype:trojan-activity;sid:84562270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699169)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.68.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699169/; classtype:trojan-activity;sid:84562269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699168)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.64.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699168/; classtype:trojan-activity;sid:84562268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699167)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.206.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699167/; classtype:trojan-activity;sid:84562267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699166)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.81.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699166/; classtype:trojan-activity;sid:84562266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699165)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.28.230.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699165/; classtype:trojan-activity;sid:84562265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699164)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.72.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699164/; classtype:trojan-activity;sid:84562264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699163)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.68.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699163/; classtype:trojan-activity;sid:84562263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699162)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.4.130"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699162/; classtype:trojan-activity;sid:84562262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699161)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.9.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699161/; classtype:trojan-activity;sid:84562261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699160)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.64.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699160/; classtype:trojan-activity;sid:84562260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699159)"; flow:established,from_client; content:"GET"; http_method; content:"/5e1krcap"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"peak.eaglekrone.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699159/; classtype:trojan-activity;sid:84562259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699158)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.117.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699158/; classtype:trojan-activity;sid:84562258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699157)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.61.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699157/; classtype:trojan-activity;sid:84562257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699156)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.158.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699156/; classtype:trojan-activity;sid:84562256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699155)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.242.57.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699155/; classtype:trojan-activity;sid:84562255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699154)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.90.185.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699154/; classtype:trojan-activity;sid:84562254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699153)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.81.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699153/; classtype:trojan-activity;sid:84562253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699152)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.176.117.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699152/; classtype:trojan-activity;sid:84562252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699151)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.116.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699151/; classtype:trojan-activity;sid:84562251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699150)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.9.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699150/; classtype:trojan-activity;sid:84562250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699149)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.61.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699149/; classtype:trojan-activity;sid:84562249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699148)"; flow:established,from_client; content:"GET"; http_method; content:"/tzdii2vm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"wren.wrenhafen.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699148/; classtype:trojan-activity;sid:84562248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699147)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.83.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699147/; classtype:trojan-activity;sid:84562247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699145)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.217.187.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699145/; classtype:trojan-activity;sid:84562245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699146)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.191.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699146/; classtype:trojan-activity;sid:84562246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699144)"; flow:established,from_client; content:"GET"; http_method; content:"/815iq1kj"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"wild.boargrund.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699144/; classtype:trojan-activity;sid:84562244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699141)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.48.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699141/; classtype:trojan-activity;sid:84562241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699142)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.77.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699142/; classtype:trojan-activity;sid:84562242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699143)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.240.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699143/; classtype:trojan-activity;sid:84562243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699140)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.116.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699140/; classtype:trojan-activity;sid:84562240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699139)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.158.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699139/; classtype:trojan-activity;sid:84562239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699138)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.35.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699138/; classtype:trojan-activity;sid:84562238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699135)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.136.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699135/; classtype:trojan-activity;sid:84562235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699136)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.21.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699136/; classtype:trojan-activity;sid:84562236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699137)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.175.8.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699137/; classtype:trojan-activity;sid:84562237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699134)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.123.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699134/; classtype:trojan-activity;sid:84562234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699133)"; flow:established,from_client; content:"GET"; http_method; content:"/fpfbz5gh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"heath.beechmoor.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699133/; classtype:trojan-activity;sid:84562233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699132)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.97.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699132/; classtype:trojan-activity;sid:84562232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699131)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.191.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699131/; classtype:trojan-activity;sid:84562231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699130)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.48.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699130/; classtype:trojan-activity;sid:84562230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699129)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.227.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699129/; classtype:trojan-activity;sid:84562229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699128)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.136.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699128/; classtype:trojan-activity;sid:84562228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699127)"; flow:established,from_client; content:"GET"; http_method; content:"/1w2w.js"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"virtvan.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699127/; classtype:trojan-activity;sid:84562227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699126)"; flow:established,from_client; content:"GET"; http_method; content:"/js.php"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"virtvan.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699126/; classtype:trojan-activity;sid:84562226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699125)"; flow:established,from_client; content:"GET"; http_method; content:"/meeting/windows/invite.php"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"mine.teknikbayi.com.tr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699125/; classtype:trojan-activity;sid:84562225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699123)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.97.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699123/; classtype:trojan-activity;sid:84562223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699124)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.177.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699124/; classtype:trojan-activity;sid:84562224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699122)"; flow:established,from_client; content:"GET"; http_method; content:"/0any6gop"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"fluss.nickelweide.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699122/; classtype:trojan-activity;sid:84562222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699121)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.89.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699121/; classtype:trojan-activity;sid:84562221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699120)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.227.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699120/; classtype:trojan-activity;sid:84562220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699119)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.25.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699119/; classtype:trojan-activity;sid:84562219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699118)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.208.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699118/; classtype:trojan-activity;sid:84562218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699117)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.117.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699117/; classtype:trojan-activity;sid:84562217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699116)"; flow:established,from_client; content:"GET"; http_method; content:"/qix7ft79"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"4q.rubyraum.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699116/; classtype:trojan-activity;sid:84562216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699115)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.123.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699115/; classtype:trojan-activity;sid:84562215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699114)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6306648329/qri0ssa.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699114/; classtype:trojan-activity;sid:84562214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699113)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.59.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699113/; classtype:trojan-activity;sid:84562213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699112)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.103.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699112/; classtype:trojan-activity;sid:84562212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699111)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.148.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699111/; classtype:trojan-activity;sid:84562211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699110)"; flow:established,from_client; content:"GET"; http_method; content:"/soda7rav"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"frost.icylotus.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699110/; classtype:trojan-activity;sid:84562210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699109)"; flow:established,from_client; content:"GET"; http_method; content:"/f8ci831a"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"weave.m00nweaver.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699109/; classtype:trojan-activity;sid:84562209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699108)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.10.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699108/; classtype:trojan-activity;sid:84562208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699107)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.253.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699107/; classtype:trojan-activity;sid:84562207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699106)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.103.84.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699106/; classtype:trojan-activity;sid:84562206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699104)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.223.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699104/; classtype:trojan-activity;sid:84562204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699105)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.4.143"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699105/; classtype:trojan-activity;sid:84562205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699103)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.10.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699103/; classtype:trojan-activity;sid:84562203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699102)"; flow:established,from_client; content:"GET"; http_method; content:"/bg4b5hu1"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"mist.1ittleriver.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699102/; classtype:trojan-activity;sid:84562202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699101)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.126.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699101/; classtype:trojan-activity;sid:84562201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699100)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.139.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699100/; classtype:trojan-activity;sid:84562200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699099)"; flow:established,from_client; content:"GET"; http_method; content:"/8oyfahbf"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"stern.1ittleriver.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699099/; classtype:trojan-activity;sid:84562199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699098)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.233.83.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699098/; classtype:trojan-activity;sid:84562198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699097)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.108.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699097/; classtype:trojan-activity;sid:84562197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699096)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.103.84.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699096/; classtype:trojan-activity;sid:84562196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699095)"; flow:established,from_client; content:"GET"; http_method; content:"/y1qw246a"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"fluss.1ittleriver.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699095/; classtype:trojan-activity;sid:84562195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699094)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.21.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699094/; classtype:trojan-activity;sid:84562194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699093)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.212.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699093/; classtype:trojan-activity;sid:84562193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699092)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.39.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699092/; classtype:trojan-activity;sid:84562192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699091)"; flow:established,from_client; content:"GET"; http_method; content:"/xrcophuy"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"oak.1ittleriver.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699091/; classtype:trojan-activity;sid:84562191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699090)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.126.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699090/; classtype:trojan-activity;sid:84562190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699089)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.129.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699089/; classtype:trojan-activity;sid:84562189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699088)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.233.83.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699088/; classtype:trojan-activity;sid:84562188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699087)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.248.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699087/; classtype:trojan-activity;sid:84562187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699086)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.212.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699086/; classtype:trojan-activity;sid:84562186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699085)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.47.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699085/; classtype:trojan-activity;sid:84562185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.77.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699084/; classtype:trojan-activity;sid:84562184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699083)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.248.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699083/; classtype:trojan-activity;sid:84562183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699082)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.39.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699082/; classtype:trojan-activity;sid:84562182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699081)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.74.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699081/; classtype:trojan-activity;sid:84562181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699080)"; flow:established,from_client; content:"GET"; http_method; content:"/il0hbl7p"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"copperwerft.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699080/; classtype:trojan-activity;sid:84562180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699079)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"178.16.54.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699079/; classtype:trojan-activity;sid:84562179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699077)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"1.13.175.24"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699077/; classtype:trojan-activity;sid:84562177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699078)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"123.53.36.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699078/; classtype:trojan-activity;sid:84562178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699076)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"189.78.218.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699076/; classtype:trojan-activity;sid:84562176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699075)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.235.225.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699075/; classtype:trojan-activity;sid:84562175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699070)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.7.157.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699070/; classtype:trojan-activity;sid:84562170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699071)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.157.28.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699071/; classtype:trojan-activity;sid:84562171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699072)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.74.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699072/; classtype:trojan-activity;sid:84562172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699073)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.237.78.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699073/; classtype:trojan-activity;sid:84562173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699074)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.4.215.142"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699074/; classtype:trojan-activity;sid:84562174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699068)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.49.210.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699068/; classtype:trojan-activity;sid:84562168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699069)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.147.66.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699069/; classtype:trojan-activity;sid:84562169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699067)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.7.129.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699067/; classtype:trojan-activity;sid:84562167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699065)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.80.147.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699065/; classtype:trojan-activity;sid:84562165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699066)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.174.217.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699066/; classtype:trojan-activity;sid:84562166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699059)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.224.128.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699059/; classtype:trojan-activity;sid:84562159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699060)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.145.128.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699060/; classtype:trojan-activity;sid:84562160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699061)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.145.128.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699061/; classtype:trojan-activity;sid:84562161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699062)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.104.231.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699062/; classtype:trojan-activity;sid:84562162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699063)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"59.88.239.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699063/; classtype:trojan-activity;sid:84562163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699064)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.104.231.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699064/; classtype:trojan-activity;sid:84562164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699058)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.80.137.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699058/; classtype:trojan-activity;sid:84562158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699056)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.129.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699056/; classtype:trojan-activity;sid:84562156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699057)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.249.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699057/; classtype:trojan-activity;sid:84562157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699055)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.70.238.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699055/; classtype:trojan-activity;sid:84562155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699054)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.100.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699054/; classtype:trojan-activity;sid:84562154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699053)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.179.1.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699053/; classtype:trojan-activity;sid:84562153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699052)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.74.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699052/; classtype:trojan-activity;sid:84562152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699051)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.77.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699051/; classtype:trojan-activity;sid:84562151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699050)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.249.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699050/; classtype:trojan-activity;sid:84562150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699049)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.1.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699049/; classtype:trojan-activity;sid:84562149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699048)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.100.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699048/; classtype:trojan-activity;sid:84562148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699047)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.218.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699047/; classtype:trojan-activity;sid:84562147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699046)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.187.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699046/; classtype:trojan-activity;sid:84562146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699045)"; flow:established,from_client; content:"GET"; http_method; content:"/e9grzmpj"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"starmarkt.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699045/; classtype:trojan-activity;sid:84562145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699044)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.89.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699044/; classtype:trojan-activity;sid:84562144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699043)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.76.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699043/; classtype:trojan-activity;sid:84562143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699042)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.75.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699042/; classtype:trojan-activity;sid:84562142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699041)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.128.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699041/; classtype:trojan-activity;sid:84562141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699040)"; flow:established,from_client; content:"GET"; http_method; content:"/1qh7pjtd"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"quartzdamm.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699040/; classtype:trojan-activity;sid:84562140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699039)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.228.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699039/; classtype:trojan-activity;sid:84562139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699038)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.142.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699038/; classtype:trojan-activity;sid:84562138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699037)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.1.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699037/; classtype:trojan-activity;sid:84562137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699036)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.101.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699036/; classtype:trojan-activity;sid:84562136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699035)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.93.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699035/; classtype:trojan-activity;sid:84562135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699034)"; flow:established,from_client; content:"GET"; http_method; content:"/48vw78km"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"berylhammer.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699034/; classtype:trojan-activity;sid:84562134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699033)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.75.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699033/; classtype:trojan-activity;sid:84562133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699032)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.254.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699032/; classtype:trojan-activity;sid:84562132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699031)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.157.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699031/; classtype:trojan-activity;sid:84562131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699030)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.229.174.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699030/; classtype:trojan-activity;sid:84562130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699029)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.228.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699029/; classtype:trojan-activity;sid:84562129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699028)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.128.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699028/; classtype:trojan-activity;sid:84562128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699027)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.32.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699027/; classtype:trojan-activity;sid:84562127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699026)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7882370143/gx4ev0u.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699026/; classtype:trojan-activity;sid:84562126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699025)"; flow:established,from_client; content:"GET"; http_method; content:"/s41dfgj2"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ebonyecke.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699025/; classtype:trojan-activity;sid:84562125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699024)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.142.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699024/; classtype:trojan-activity;sid:84562124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699023)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.101.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699023/; classtype:trojan-activity;sid:84562123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699022)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.163.139.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699022/; classtype:trojan-activity;sid:84562122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699021)"; flow:established,from_client; content:"GET"; http_method; content:"/ob1x6dqa"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"pearlkrone.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699021/; classtype:trojan-activity;sid:84562121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699020)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.63.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699020/; classtype:trojan-activity;sid:84562120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699019)"; flow:established,from_client; content:"GET"; http_method; content:"/files/77546367/j4ca3di.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699019/; classtype:trojan-activity;sid:84562119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699018)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.149.87.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699018/; classtype:trojan-activity;sid:84562118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699017)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.254.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699017/; classtype:trojan-activity;sid:84562117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699016)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7212043758/ovzrhnn.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699016/; classtype:trojan-activity;sid:84562116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699015)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.32.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699015/; classtype:trojan-activity;sid:84562115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699014)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.163.139.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699014/; classtype:trojan-activity;sid:84562114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699013)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.35.150.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699013/; classtype:trojan-activity;sid:84562113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699012)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.163.134.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699012/; classtype:trojan-activity;sid:84562112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699011)"; flow:established,from_client; content:"GET"; http_method; content:"/mgljdhkx"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"mistgraben.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699011/; classtype:trojan-activity;sid:84562111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699010)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.63.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699010/; classtype:trojan-activity;sid:84562110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699009)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.93.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699009/; classtype:trojan-activity;sid:84562109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699008)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.108.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699008/; classtype:trojan-activity;sid:84562108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699007)"; flow:established,from_client; content:"GET"; http_method; content:"/zhs6flao"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"prismboden.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699007/; classtype:trojan-activity;sid:84562107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699006)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.77.171.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699006/; classtype:trojan-activity;sid:84562106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699005)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.95.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699005/; classtype:trojan-activity;sid:84562105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699004)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.59.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699004/; classtype:trojan-activity;sid:84562104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699003)"; flow:established,from_client; content:"GET"; http_method; content:"/1q9ck0ny"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"embergrund.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699003/; classtype:trojan-activity;sid:84562103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699002)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.229.108.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699002/; classtype:trojan-activity;sid:84562102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699001)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.185.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699001/; classtype:trojan-activity;sid:84562101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699000)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.60.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3699000/; classtype:trojan-activity;sid:84562100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698999)"; flow:established,from_client; content:"GET"; http_method; content:"/q5bv6zb2"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"giowrust.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698999/; classtype:trojan-activity;sid:84562099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698998)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.59.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698998/; classtype:trojan-activity;sid:84562098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698997)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.95.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698997/; classtype:trojan-activity;sid:84562097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698996)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.237.49.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698996/; classtype:trojan-activity;sid:84562096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698995)"; flow:established,from_client; content:"GET"; http_method; content:"/us0q7u3o"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"redfern.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698995/; classtype:trojan-activity;sid:84562095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698994)"; flow:established,from_client; content:"GET"; http_method; content:"/%ec%a0%84%eb%b3%b4.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"telegram-31-10.netlify.app"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698994/; classtype:trojan-activity;sid:84562094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698992)"; flow:established,from_client; content:"GET"; http_method; content:"/page/windows/download.php"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"surrezooominvite.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698992/; classtype:trojan-activity;sid:84562092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698993)"; flow:established,from_client; content:"GET"; http_method; content:"/meeting/windows/zoomworkspace.clientsetup.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"mine.teknikbayi.com.tr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698993/; classtype:trojan-activity;sid:84562093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698991)"; flow:established,from_client; content:"GET"; http_method; content:"/live/windows/download.php"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"surrezooominvite.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698991/; classtype:trojan-activity;sid:84562091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698990)"; flow:established,from_client; content:"GET"; http_method; content:"/msi/documentos.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"93.88.74.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698990/; classtype:trojan-activity;sid:84562090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698988)"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/1420135270296322239/1420516253247733831/based.exe.zip|3f|ex=690e5eda|7c|26|7c|is=690d0d5a|7c|26|7c|hm=dc9af610b3a6e18998b50786346eadd43871e05ed1d4542eeaff9690c99144d1|7c|26|7c|"; http_uri; depth:189; isdataat:!1,relative; nocase; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698988/; classtype:trojan-activity;sid:84562088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698989)"; flow:established,from_client; content:"GET"; http_method; content:"/windows/download.php"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"zoommeeting1.n2c0.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698989/; classtype:trojan-activity;sid:84562089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698987)"; flow:established,from_client; content:"GET"; http_method; content:"/pankoza2-pl/trihydridoarsenic.exe/blob/main/trihydridoarsenic.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698987/; classtype:trojan-activity;sid:84562087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698986)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/2ewxrbmmy6h05c9yoogt6/documento.exe|3f|rlkey=xcy6wtr4my9nugt1mo7w2e60r|7c|26|7c|st=sdl4xklb|7c|26|7c|dl=1"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698986/; classtype:trojan-activity;sid:84562086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698985)"; flow:established,from_client; content:"GET"; http_method; content:"/public/js/cloudflare.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"tema-com-ua-568517.hostingersite.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698985/; classtype:trojan-activity;sid:84562085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698984)"; flow:established,from_client; content:"GET"; http_method; content:"/znjje5en"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"quietwhite.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698984/; classtype:trojan-activity;sid:84562084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698983)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.27.60.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698983/; classtype:trojan-activity;sid:84562083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698980)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.181.95.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698980/; classtype:trojan-activity;sid:84562080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698981)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.6.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698981/; classtype:trojan-activity;sid:84562081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698982)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.108.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698982/; classtype:trojan-activity;sid:84562082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698977)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.84.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698977/; classtype:trojan-activity;sid:84562077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698978)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.58.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698978/; classtype:trojan-activity;sid:84562078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698979)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.7.154.173"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698979/; classtype:trojan-activity;sid:84562079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698975)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.187.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698975/; classtype:trojan-activity;sid:84562075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698976)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.148.6.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698976/; classtype:trojan-activity;sid:84562076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698974)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.253.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698974/; classtype:trojan-activity;sid:84562074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698973)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.171.177.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698973/; classtype:trojan-activity;sid:84562073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698972)"; flow:established,from_client; content:"GET"; http_method; content:"/1ghwa0fh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"fox3den.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698972/; classtype:trojan-activity;sid:84562072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698971)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.77.171.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698971/; classtype:trojan-activity;sid:84562071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698970)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.60.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698970/; classtype:trojan-activity;sid:84562070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698969)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.218.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698969/; classtype:trojan-activity;sid:84562069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698968)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.189.54.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698968/; classtype:trojan-activity;sid:84562068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698967)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.49.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698967/; classtype:trojan-activity;sid:84562067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698966)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.55.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698966/; classtype:trojan-activity;sid:84562066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698965)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.171.177.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698965/; classtype:trojan-activity;sid:84562065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698964)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.58.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698964/; classtype:trojan-activity;sid:84562064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698963)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.117.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698963/; classtype:trojan-activity;sid:84562063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698962)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.0.223"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698962/; classtype:trojan-activity;sid:84562062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698960)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.218.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698960/; classtype:trojan-activity;sid:84562060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698961)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.55.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698961/; classtype:trojan-activity;sid:84562061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698959)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7939550397/niopeh1.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698959/; classtype:trojan-activity;sid:84562059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698958)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.179.230.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698958/; classtype:trojan-activity;sid:84562058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698957)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.248.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698957/; classtype:trojan-activity;sid:84562057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698956)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.153.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698956/; classtype:trojan-activity;sid:84562056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698955)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.87.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698955/; classtype:trojan-activity;sid:84562055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698954)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.212.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698954/; classtype:trojan-activity;sid:84562054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698953)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.248.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698953/; classtype:trojan-activity;sid:84562053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698952)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.83.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698952/; classtype:trojan-activity;sid:84562052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698951)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.74.32.119"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698951/; classtype:trojan-activity;sid:84562051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698950)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.24.30"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698950/; classtype:trojan-activity;sid:84562050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698949)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.153.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698949/; classtype:trojan-activity;sid:84562049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698948)"; flow:established,from_client; content:"GET"; http_method; content:"/files/unique5/random.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698948/; classtype:trojan-activity;sid:84562048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698947)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.21.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698947/; classtype:trojan-activity;sid:84562047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698946)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.24.30"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698946/; classtype:trojan-activity;sid:84562046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698944)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.195.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698944/; classtype:trojan-activity;sid:84562044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698945)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.32.119"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698945/; classtype:trojan-activity;sid:84562045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698943)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.68.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698943/; classtype:trojan-activity;sid:84562043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698942)"; flow:established,from_client; content:"GET"; http_method; content:"/files/768560194/nr6lwyl.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698942/; classtype:trojan-activity;sid:84562042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698941)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.235.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698941/; classtype:trojan-activity;sid:84562041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698940)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.21.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698940/; classtype:trojan-activity;sid:84562040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698939)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.47.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698939/; classtype:trojan-activity;sid:84562039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698938)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.189.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698938/; classtype:trojan-activity;sid:84562038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698937)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.84.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698937/; classtype:trojan-activity;sid:84562037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698936)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.152.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698936/; classtype:trojan-activity;sid:84562036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698935)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.5.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698935/; classtype:trojan-activity;sid:84562035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698934)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.235.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698934/; classtype:trojan-activity;sid:84562034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698933)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.117.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698933/; classtype:trojan-activity;sid:84562033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698932)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"www.jhfhfdkhdfdk32.duckdns.org"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698932/; classtype:trojan-activity;sid:84562032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698931)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"www.jhfhfdkhdfdk32.duckdns.org"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698931/; classtype:trojan-activity;sid:84562031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698930)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"www.jhfhfdkhdfdk32.duckdns.org"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698930/; classtype:trojan-activity;sid:84562030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698924)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"www.jhfhfdkhdfdk32.duckdns.org"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698924/; classtype:trojan-activity;sid:84562024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698925)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/debug"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"www.jhfhfdkhdfdk32.duckdns.org"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698925/; classtype:trojan-activity;sid:84562025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698926)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"www.jhfhfdkhdfdk32.duckdns.org"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698926/; classtype:trojan-activity;sid:84562026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698927)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"www.jhfhfdkhdfdk32.duckdns.org"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698927/; classtype:trojan-activity;sid:84562027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698928)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"www.jhfhfdkhdfdk32.duckdns.org"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698928/; classtype:trojan-activity;sid:84562028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698929)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"www.jhfhfdkhdfdk32.duckdns.org"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698929/; classtype:trojan-activity;sid:84562029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698918)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"www.jhfhfdkhdfdk32.duckdns.org"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698918/; classtype:trojan-activity;sid:84562018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698919)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"www.jhfhfdkhdfdk32.duckdns.org"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698919/; classtype:trojan-activity;sid:84562019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698920)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"www.jhfhfdkhdfdk32.duckdns.org"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698920/; classtype:trojan-activity;sid:84562020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698921)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"www.jhfhfdkhdfdk32.duckdns.org"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698921/; classtype:trojan-activity;sid:84562021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698922)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"www.jhfhfdkhdfdk32.duckdns.org"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698922/; classtype:trojan-activity;sid:84562022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698923)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"www.jhfhfdkhdfdk32.duckdns.org"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698923/; classtype:trojan-activity;sid:84562023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698917)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"www.jhfhfdkhdfdk32.duckdns.org"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698917/; classtype:trojan-activity;sid:84562017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698916)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.84.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698916/; classtype:trojan-activity;sid:84562016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698915)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.189.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698915/; classtype:trojan-activity;sid:84562015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698914)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.255.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698914/; classtype:trojan-activity;sid:84562014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698913)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.117.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698913/; classtype:trojan-activity;sid:84562013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698912)"; flow:established,from_client; content:"GET"; http_method; content:"/bxo.google|3f|t=7z8xuk58"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"4j1.glacierbruecke.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698912/; classtype:trojan-activity;sid:84562012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698911)"; flow:established,from_client; content:"GET"; http_method; content:"/41.google|3f|t=tshlu6of"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"m7.glacierbruecke.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698911/; classtype:trojan-activity;sid:84562011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698910)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.94.31.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698910/; classtype:trojan-activity;sid:84562010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698909)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.235.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698909/; classtype:trojan-activity;sid:84562009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698908)"; flow:established,from_client; content:"GET"; http_method; content:"/cou.check|3f|t=nxuht4hl"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"qtf.glacierbruecke.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698908/; classtype:trojan-activity;sid:84562008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698907)"; flow:established,from_client; content:"GET"; http_method; content:"/aoo.check|3f|t=hxxmoqhj"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"g8p.glacierbruecke.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698907/; classtype:trojan-activity;sid:84562007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698906)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.174.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698906/; classtype:trojan-activity;sid:84562006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698905)"; flow:established,from_client; content:"GET"; http_method; content:"/sfj.google|3f|t=ezacyaw5"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"3fp.glacierbruecke.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698905/; classtype:trojan-activity;sid:84562005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698904)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7719064868/sjcggrm.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698904/; classtype:trojan-activity;sid:84562004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698903)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.250.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698903/; classtype:trojan-activity;sid:84562003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698902)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.235.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698902/; classtype:trojan-activity;sid:84562002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698901)"; flow:established,from_client; content:"GET"; http_method; content:"/sfj.google|3f|t=bk9ytb60"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"3fp.glacierbruecke.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698901/; classtype:trojan-activity;sid:84562001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698900)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.93.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698900/; classtype:trojan-activity;sid:84562000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698899)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.59.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698899/; classtype:trojan-activity;sid:84561999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698898)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.94.31.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698898/; classtype:trojan-activity;sid:84561998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698897)"; flow:established,from_client; content:"GET"; http_method; content:"/9j.check|3f|t=nwf62rx3"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"daj.glacierbruecke.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698897/; classtype:trojan-activity;sid:84561997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698896)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.109.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698896/; classtype:trojan-activity;sid:84561996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698895)"; flow:established,from_client; content:"GET"; http_method; content:"/ie.google|3f|t=y6dznukm"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"10.glacierbruecke.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698895/; classtype:trojan-activity;sid:84561995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698894)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.174.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698894/; classtype:trojan-activity;sid:84561994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698893)"; flow:established,from_client; content:"GET"; http_method; content:"/files/unique4/random.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698893/; classtype:trojan-activity;sid:84561993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698892)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.222.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698892/; classtype:trojan-activity;sid:84561992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698891)"; flow:established,from_client; content:"GET"; http_method; content:"/qw2.google|3f|t=90p8epgj"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"w1i.glacierbruecke.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698891/; classtype:trojan-activity;sid:84561991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698890)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5917492177/vxumdyy.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698890/; classtype:trojan-activity;sid:84561990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698889)"; flow:established,from_client; content:"GET"; http_method; content:"/qw2.google|3f|t=jk758ogc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"w1i.glacierbruecke.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698889/; classtype:trojan-activity;sid:84561989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698888)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.187.52.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698888/; classtype:trojan-activity;sid:84561988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698886)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.238.101.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698886/; classtype:trojan-activity;sid:84561986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698887)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.109.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698887/; classtype:trojan-activity;sid:84561987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698885)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7103746036/dd7vj9i.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698885/; classtype:trojan-activity;sid:84561985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698884)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|t=asxsxjqv"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"l3.basaltwerk.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698884/; classtype:trojan-activity;sid:84561984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698883)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.250.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698883/; classtype:trojan-activity;sid:84561983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698882)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|t=1y0q4kqd"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"l3.basaltwerk.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698882/; classtype:trojan-activity;sid:84561982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698881)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|t=8wooidyg"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8343.basaltwerk.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698881/; classtype:trojan-activity;sid:84561981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698880)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"104.193.63.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698880/; classtype:trojan-activity;sid:84561980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698879)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|t=o7uw35ud"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"sbeo.basaltwerk.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698879/; classtype:trojan-activity;sid:84561979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698878)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.238.101.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698878/; classtype:trojan-activity;sid:84561978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698877)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|t=xfkunb4a"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"sbeo.basaltwerk.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698877/; classtype:trojan-activity;sid:84561977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698876)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.222.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698876/; classtype:trojan-activity;sid:84561976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698875)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|t=1ilmy5fl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"sbeo.basaltwerk.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698875/; classtype:trojan-activity;sid:84561975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698874)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|t=rrsr62k2"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"sbeo.basaltwerk.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698874/; classtype:trojan-activity;sid:84561974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698873)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"104.193.63.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698873/; classtype:trojan-activity;sid:84561973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698872)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.222.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698872/; classtype:trojan-activity;sid:84561972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698871)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.75.132.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698871/; classtype:trojan-activity;sid:84561971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698870)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.128.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698870/; classtype:trojan-activity;sid:84561970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698869)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698869/; classtype:trojan-activity;sid:84561969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698868)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698868/; classtype:trojan-activity;sid:84561968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698862)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698862/; classtype:trojan-activity;sid:84561962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698863)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698863/; classtype:trojan-activity;sid:84561963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698864)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698864/; classtype:trojan-activity;sid:84561964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698865)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698865/; classtype:trojan-activity;sid:84561965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698866)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698866/; classtype:trojan-activity;sid:84561966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698867)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698867/; classtype:trojan-activity;sid:84561967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698860)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698860/; classtype:trojan-activity;sid:84561960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698861)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698861/; classtype:trojan-activity;sid:84561961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698858)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698858/; classtype:trojan-activity;sid:84561958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698859)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698859/; classtype:trojan-activity;sid:84561959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698857)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698857/; classtype:trojan-activity;sid:84561957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698855)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698855/; classtype:trojan-activity;sid:84561955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698856)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698856/; classtype:trojan-activity;sid:84561956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698852)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698852/; classtype:trojan-activity;sid:84561952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698853)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698853/; classtype:trojan-activity;sid:84561953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698854)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698854/; classtype:trojan-activity;sid:84561954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698850)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698850/; classtype:trojan-activity;sid:84561950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698851)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698851/; classtype:trojan-activity;sid:84561951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698848)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698848/; classtype:trojan-activity;sid:84561948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698849)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698849/; classtype:trojan-activity;sid:84561949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698842)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698842/; classtype:trojan-activity;sid:84561942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698843)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698843/; classtype:trojan-activity;sid:84561943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698844)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698844/; classtype:trojan-activity;sid:84561944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698845)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698845/; classtype:trojan-activity;sid:84561945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698846)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698846/; classtype:trojan-activity;sid:84561946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698847)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698847/; classtype:trojan-activity;sid:84561947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698841)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698841/; classtype:trojan-activity;sid:84561941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698840)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698840/; classtype:trojan-activity;sid:84561940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698836)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698836/; classtype:trojan-activity;sid:84561936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698837)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698837/; classtype:trojan-activity;sid:84561937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698838)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698838/; classtype:trojan-activity;sid:84561938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698839)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698839/; classtype:trojan-activity;sid:84561939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698833)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698833/; classtype:trojan-activity;sid:84561933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698834)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698834/; classtype:trojan-activity;sid:84561934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698835)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698835/; classtype:trojan-activity;sid:84561935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698829)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698829/; classtype:trojan-activity;sid:84561929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698830)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698830/; classtype:trojan-activity;sid:84561930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698831)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698831/; classtype:trojan-activity;sid:84561931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698832)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698832/; classtype:trojan-activity;sid:84561932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698824)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698824/; classtype:trojan-activity;sid:84561924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698825)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698825/; classtype:trojan-activity;sid:84561925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698826)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698826/; classtype:trojan-activity;sid:84561926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698827)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698827/; classtype:trojan-activity;sid:84561927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698828)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698828/; classtype:trojan-activity;sid:84561928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698820)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698820/; classtype:trojan-activity;sid:84561920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698821)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698821/; classtype:trojan-activity;sid:84561921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698822)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698822/; classtype:trojan-activity;sid:84561922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698823)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698823/; classtype:trojan-activity;sid:84561923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698817)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698817/; classtype:trojan-activity;sid:84561917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698818)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698818/; classtype:trojan-activity;sid:84561918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698819)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698819/; classtype:trojan-activity;sid:84561919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698816)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698816/; classtype:trojan-activity;sid:84561916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698812)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698812/; classtype:trojan-activity;sid:84561912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698813)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698813/; classtype:trojan-activity;sid:84561913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698814)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698814/; classtype:trojan-activity;sid:84561914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698815)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698815/; classtype:trojan-activity;sid:84561915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698809)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698809/; classtype:trojan-activity;sid:84561909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698810)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698810/; classtype:trojan-activity;sid:84561910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698811)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698811/; classtype:trojan-activity;sid:84561911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698800)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698800/; classtype:trojan-activity;sid:84561900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698801)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698801/; classtype:trojan-activity;sid:84561901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698802)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698802/; classtype:trojan-activity;sid:84561902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698803)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698803/; classtype:trojan-activity;sid:84561903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698804)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698804/; classtype:trojan-activity;sid:84561904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698805)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698805/; classtype:trojan-activity;sid:84561905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698806)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698806/; classtype:trojan-activity;sid:84561906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698807)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698807/; classtype:trojan-activity;sid:84561907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698808)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698808/; classtype:trojan-activity;sid:84561908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698798)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698798/; classtype:trojan-activity;sid:84561898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698799)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698799/; classtype:trojan-activity;sid:84561899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698793)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698793/; classtype:trojan-activity;sid:84561893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698794)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698794/; classtype:trojan-activity;sid:84561894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698795)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698795/; classtype:trojan-activity;sid:84561895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698796)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698796/; classtype:trojan-activity;sid:84561896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698797)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698797/; classtype:trojan-activity;sid:84561897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698785)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698785/; classtype:trojan-activity;sid:84561885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698786)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698786/; classtype:trojan-activity;sid:84561886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698787)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698787/; classtype:trojan-activity;sid:84561887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698788)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698788/; classtype:trojan-activity;sid:84561888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698789)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698789/; classtype:trojan-activity;sid:84561889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698790)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698790/; classtype:trojan-activity;sid:84561890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698791)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698791/; classtype:trojan-activity;sid:84561891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698792)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698792/; classtype:trojan-activity;sid:84561892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698776)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698776/; classtype:trojan-activity;sid:84561876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698777)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698777/; classtype:trojan-activity;sid:84561877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698778)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698778/; classtype:trojan-activity;sid:84561878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698779)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698779/; classtype:trojan-activity;sid:84561879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698780)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698780/; classtype:trojan-activity;sid:84561880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698781)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698781/; classtype:trojan-activity;sid:84561881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698782)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698782/; classtype:trojan-activity;sid:84561882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698783)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698783/; classtype:trojan-activity;sid:84561883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698784)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698784/; classtype:trojan-activity;sid:84561884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698767)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698767/; classtype:trojan-activity;sid:84561867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698768)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698768/; classtype:trojan-activity;sid:84561868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698769)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698769/; classtype:trojan-activity;sid:84561869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698770)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698770/; classtype:trojan-activity;sid:84561870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698771)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698771/; classtype:trojan-activity;sid:84561871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698772)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698772/; classtype:trojan-activity;sid:84561872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698773)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698773/; classtype:trojan-activity;sid:84561873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698774)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698774/; classtype:trojan-activity;sid:84561874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698775)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698775/; classtype:trojan-activity;sid:84561875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698760)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698760/; classtype:trojan-activity;sid:84561860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698761)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698761/; classtype:trojan-activity;sid:84561861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698762)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698762/; classtype:trojan-activity;sid:84561862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698763)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.96.129.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698763/; classtype:trojan-activity;sid:84561863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698764)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698764/; classtype:trojan-activity;sid:84561864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698765)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698765/; classtype:trojan-activity;sid:84561865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698766)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.96.129.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698766/; classtype:trojan-activity;sid:84561866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698759)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.195.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698759/; classtype:trojan-activity;sid:84561859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698758)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.59.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698758/; classtype:trojan-activity;sid:84561858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698757)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.88.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698757/; classtype:trojan-activity;sid:84561857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698756)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.44.118"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698756/; classtype:trojan-activity;sid:84561856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698755)"; flow:established,from_client; content:"GET"; http_method; content:"/s03kduq6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"j4.basaltwerk.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698755/; classtype:trojan-activity;sid:84561855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.87.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698754/; classtype:trojan-activity;sid:84561854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698753)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|t=3xsohu97"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"j4.basaltwerk.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698753/; classtype:trojan-activity;sid:84561853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698752)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7957086213/hdi9wtb.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698752/; classtype:trojan-activity;sid:84561852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698751)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.163.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698751/; classtype:trojan-activity;sid:84561851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698750)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.55.92.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698750/; classtype:trojan-activity;sid:84561850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698749)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|t=zkwq9tci"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"bv9.basaltwerk.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698749/; classtype:trojan-activity;sid:84561849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698748)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.226.104.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698748/; classtype:trojan-activity;sid:84561848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698747)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.58.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698747/; classtype:trojan-activity;sid:84561847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698746)"; flow:established,from_client; content:"GET"; http_method; content:"/vc2.check|3f|t=gbfhh2xd"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"q7.basaltwerk.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698746/; classtype:trojan-activity;sid:84561846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698745)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.226.104.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698745/; classtype:trojan-activity;sid:84561845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698740)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.226.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698740/; classtype:trojan-activity;sid:84561840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698741)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.2.185.44"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698741/; classtype:trojan-activity;sid:84561841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698742)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.2.185.44"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698742/; classtype:trojan-activity;sid:84561842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698743)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.147.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698743/; classtype:trojan-activity;sid:84561843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698744)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.221.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698744/; classtype:trojan-activity;sid:84561844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698738)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"70.40.48.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698738/; classtype:trojan-activity;sid:84561838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698739)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.229.174.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698739/; classtype:trojan-activity;sid:84561839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698737)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.148.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698737/; classtype:trojan-activity;sid:84561837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698736)"; flow:established,from_client; content:"GET"; http_method; content:"/tv2utj3r"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"q7.basaltwerk.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698736/; classtype:trojan-activity;sid:84561836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698735)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.204.194.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698735/; classtype:trojan-activity;sid:84561835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698734)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.107.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698734/; classtype:trojan-activity;sid:84561834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698733)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.88.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698733/; classtype:trojan-activity;sid:84561833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698732)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.163.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698732/; classtype:trojan-activity;sid:84561832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698731)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.55.92.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698731/; classtype:trojan-activity;sid:84561831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698730)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.182.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698730/; classtype:trojan-activity;sid:84561830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698729)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.109.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698729/; classtype:trojan-activity;sid:84561829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698728)"; flow:established,from_client; content:"GET"; http_method; content:"/56zvny7b"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"wp6.basaltwerk.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698728/; classtype:trojan-activity;sid:84561828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698727)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.148.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698727/; classtype:trojan-activity;sid:84561827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698726)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.56.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698726/; classtype:trojan-activity;sid:84561826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698725)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.109.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698725/; classtype:trojan-activity;sid:84561825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698724)"; flow:established,from_client; content:"GET"; http_method; content:"/q4q.check|3f|t=1x7c9feu"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"wp6.basaltwerk.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698724/; classtype:trojan-activity;sid:84561824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698723)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.182.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698723/; classtype:trojan-activity;sid:84561823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698722)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.181.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698722/; classtype:trojan-activity;sid:84561822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698721)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.204.194.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698721/; classtype:trojan-activity;sid:84561821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698720)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.165.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698720/; classtype:trojan-activity;sid:84561820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698719)"; flow:established,from_client; content:"GET"; http_method; content:"/a7os0hh1"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"uhz.basaltwerk.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698719/; classtype:trojan-activity;sid:84561819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698718)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.29.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698718/; classtype:trojan-activity;sid:84561818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698717)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.163.13.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698717/; classtype:trojan-activity;sid:84561817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698716)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.209.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698716/; classtype:trojan-activity;sid:84561816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698715)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.56.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698715/; classtype:trojan-activity;sid:84561815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698714)"; flow:established,from_client; content:"GET"; http_method; content:"/3ao.check|3f|t=gnz78rys"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"3t.bramblestrom.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698714/; classtype:trojan-activity;sid:84561814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698713)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.165.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698713/; classtype:trojan-activity;sid:84561813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698712)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.152.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698712/; classtype:trojan-activity;sid:84561812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698711)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.136.38.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698711/; classtype:trojan-activity;sid:84561811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698710)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.181.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698710/; classtype:trojan-activity;sid:84561810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698709)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6400879960/g4v4qym.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698709/; classtype:trojan-activity;sid:84561809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698708)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.29.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698708/; classtype:trojan-activity;sid:84561808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698707)"; flow:established,from_client; content:"GET"; http_method; content:"/f9.google|3f|t=gzq1voi5"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"9ls.bramblestrom.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698707/; classtype:trojan-activity;sid:84561807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698706)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.83.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698706/; classtype:trojan-activity;sid:84561806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698705)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.28.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698705/; classtype:trojan-activity;sid:84561805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698704)"; flow:established,from_client; content:"GET"; http_method; content:"/ap.google|3f|t=q6h2mz01"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"mi.bramblestrom.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698704/; classtype:trojan-activity;sid:84561804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698703)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.152.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698703/; classtype:trojan-activity;sid:84561803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698702)"; flow:established,from_client; content:"GET"; http_method; content:"/n5.google|3f|t=dixf87ed"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"3hg.bramblestrom.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698702/; classtype:trojan-activity;sid:84561802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698701)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.191.40.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698701/; classtype:trojan-activity;sid:84561801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698700)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.107.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698700/; classtype:trojan-activity;sid:84561800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698699)"; flow:established,from_client; content:"GET"; http_method; content:"/reprofo.mso"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.jozefinskiatelje.si"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698699/; classtype:trojan-activity;sid:84561799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698683)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/space.i486"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698683/; classtype:trojan-activity;sid:84561783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698684)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/space.arc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698684/; classtype:trojan-activity;sid:84561784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698685)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/space.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698685/; classtype:trojan-activity;sid:84561785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698686)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/space.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698686/; classtype:trojan-activity;sid:84561786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698687)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/space.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698687/; classtype:trojan-activity;sid:84561787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698688)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/space.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698688/; classtype:trojan-activity;sid:84561788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698689)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/space.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698689/; classtype:trojan-activity;sid:84561789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698690)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/space.i686"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698690/; classtype:trojan-activity;sid:84561790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698691)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/space.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698691/; classtype:trojan-activity;sid:84561791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698692)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/space.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698692/; classtype:trojan-activity;sid:84561792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698693)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/space.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698693/; classtype:trojan-activity;sid:84561793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698694)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/space.mips64"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698694/; classtype:trojan-activity;sid:84561794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698695)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/space.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698695/; classtype:trojan-activity;sid:84561795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698696)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/space.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698696/; classtype:trojan-activity;sid:84561796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698697)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/space.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698697/; classtype:trojan-activity;sid:84561797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698698)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/space.x86_64"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698698/; classtype:trojan-activity;sid:84561798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698682)"; flow:established,from_client; content:"GET"; http_method; content:"/gkvys7xa"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ehu.bramblestrom.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698682/; classtype:trojan-activity;sid:84561782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698681)"; flow:established,from_client; content:"GET"; http_method; content:"/xcs.google|3f|t=l0g2nrdd"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"ehu.bramblestrom.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698681/; classtype:trojan-activity;sid:84561781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698680)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.217.49.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698680/; classtype:trojan-activity;sid:84561780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698679)"; flow:established,from_client; content:"GET"; http_method; content:"/meu/new_ibo_app.apk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"5go5.xyz"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698679/; classtype:trojan-activity;sid:84561779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698678)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/1xbet.apk"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"1xbet-android.online"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698678/; classtype:trojan-activity;sid:84561778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698677)"; flow:established,from_client; content:"GET"; http_method; content:"/fishmaps.apk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"rybkakis.store"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698677/; classtype:trojan-activity;sid:84561777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698676)"; flow:established,from_client; content:"GET"; http_method; content:"/7ec62d3c50d033b0857fe6f7e1e09de219001cf3bcc25fe5ddac25596b0c2922.apk"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"ultraviewv.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698676/; classtype:trojan-activity;sid:84561776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698675)"; flow:established,from_client; content:"GET"; http_method; content:"/m.apk"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"ampayz.net"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698675/; classtype:trojan-activity;sid:84561775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698673)"; flow:established,from_client; content:"GET"; http_method; content:"/els.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"elementscript.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698673/; classtype:trojan-activity;sid:84561773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698674)"; flow:established,from_client; content:"GET"; http_method; content:"/files/tiktoktv.apk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"xingba888.today"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698674/; classtype:trojan-activity;sid:84561774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698671)"; flow:established,from_client; content:"GET"; http_method; content:"/daemons.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"daemons.studio"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698671/; classtype:trojan-activity;sid:84561771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698672)"; flow:established,from_client; content:"GET"; http_method; content:"/apk/youtubeultra.apk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"youtubeultra.digital"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698672/; classtype:trojan-activity;sid:84561772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698670)"; flow:established,from_client; content:"GET"; http_method; content:"/youtubegg.apk"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"youtubegg.top"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698670/; classtype:trojan-activity;sid:84561770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698667)"; flow:established,from_client; content:"GET"; http_method; content:"/fishmaps.apk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"rybkakis.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698667/; classtype:trojan-activity;sid:84561767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698668)"; flow:established,from_client; content:"GET"; http_method; content:"/trafficflow.apk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"trafficflow.life"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698668/; classtype:trojan-activity;sid:84561768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698669)"; flow:established,from_client; content:"GET"; http_method; content:"/aplikasi/storybet138v3.apk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"wahanastory.store"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698669/; classtype:trojan-activity;sid:84561769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698664)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.61.51.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698664/; classtype:trojan-activity;sid:84561764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698665)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.81.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698665/; classtype:trojan-activity;sid:84561765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698666)"; flow:established,from_client; content:"GET"; http_method; content:"/document.url"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"112.198.135.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698666/; classtype:trojan-activity;sid:84561766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698663)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.55.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698663/; classtype:trojan-activity;sid:84561763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698662)"; flow:established,from_client; content:"GET"; http_method; content:"/94f.check|3f|t=61bvcda4"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"bq.bramblestrom.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698662/; classtype:trojan-activity;sid:84561762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698661)"; flow:established,from_client; content:"GET"; http_method; content:"/xjw062o4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bq.bramblestrom.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698661/; classtype:trojan-activity;sid:84561761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698660)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.100.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698660/; classtype:trojan-activity;sid:84561760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698659)"; flow:established,from_client; content:"GET"; http_method; content:"/knyxwdg3"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"4r.bramblestrom.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698659/; classtype:trojan-activity;sid:84561759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698658)"; flow:established,from_client; content:"GET"; http_method; content:"/i9.check|3f|t=songuvm9"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"4r.bramblestrom.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698658/; classtype:trojan-activity;sid:84561758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698657)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.107.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698657/; classtype:trojan-activity;sid:84561757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698654)"; flow:established,from_client; content:"GET"; http_method; content:"/local/xd.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"82.147.85.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698654/; classtype:trojan-activity;sid:84561754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698655)"; flow:established,from_client; content:"GET"; http_method; content:"/local/xd.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"82.147.85.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698655/; classtype:trojan-activity;sid:84561755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698656)"; flow:established,from_client; content:"GET"; http_method; content:"/local/xd.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"82.147.85.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698656/; classtype:trojan-activity;sid:84561756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698648)"; flow:established,from_client; content:"GET"; http_method; content:"/local/xd.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"82.147.85.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698648/; classtype:trojan-activity;sid:84561748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698649)"; flow:established,from_client; content:"GET"; http_method; content:"/local/xd.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"82.147.85.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698649/; classtype:trojan-activity;sid:84561749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698650)"; flow:established,from_client; content:"GET"; http_method; content:"/local/xd.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"82.147.85.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698650/; classtype:trojan-activity;sid:84561750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698651)"; flow:established,from_client; content:"GET"; http_method; content:"/local/xd.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"82.147.85.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698651/; classtype:trojan-activity;sid:84561751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698652)"; flow:established,from_client; content:"GET"; http_method; content:"/local/xd.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"82.147.85.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698652/; classtype:trojan-activity;sid:84561752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698653)"; flow:established,from_client; content:"GET"; http_method; content:"/local/xd.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"82.147.85.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698653/; classtype:trojan-activity;sid:84561753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698647)"; flow:established,from_client; content:"GET"; http_method; content:"/local/xd.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"82.147.85.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698647/; classtype:trojan-activity;sid:84561747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698646)"; flow:established,from_client; content:"GET"; http_method; content:"/dfssharesync20251031183017.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"212.132.112.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698646/; classtype:trojan-activity;sid:84561746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698644)"; flow:established,from_client; content:"GET"; http_method; content:"/invoke-dfssharesync20251031183017inject-3.ps1"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"212.132.112.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698644/; classtype:trojan-activity;sid:84561744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698645)"; flow:established,from_client; content:"GET"; http_method; content:"/invoke-4.ps1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"212.132.112.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698645/; classtype:trojan-activity;sid:84561745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698643)"; flow:established,from_client; content:"GET"; http_method; content:"/qa8.check|3f|t=x5ftph55"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"k2m.horizonspur.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698643/; classtype:trojan-activity;sid:84561743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698642)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.118.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698642/; classtype:trojan-activity;sid:84561742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698641)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.86.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698641/; classtype:trojan-activity;sid:84561741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698640)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.83.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698640/; classtype:trojan-activity;sid:84561740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698639)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.27.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698639/; classtype:trojan-activity;sid:84561739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698638)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.148.101.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698638/; classtype:trojan-activity;sid:84561738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698637)"; flow:established,from_client; content:"GET"; http_method; content:"/e4.google|3f|t=1jfyjllf"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"p0x.horizonspur.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698637/; classtype:trojan-activity;sid:84561737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.136.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698636/; classtype:trojan-activity;sid:84561736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698635)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.100.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698635/; classtype:trojan-activity;sid:84561735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698634)"; flow:established,from_client; content:"GET"; http_method; content:"/d7m.check|3f|t=2drjpdzo"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"oz.horizonspur.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698634/; classtype:trojan-activity;sid:84561734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698633)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.174.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698633/; classtype:trojan-activity;sid:84561733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698632)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.166.248.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698632/; classtype:trojan-activity;sid:84561732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698631)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.101.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698631/; classtype:trojan-activity;sid:84561731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698630)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.118.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698630/; classtype:trojan-activity;sid:84561730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698629)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7957086213/kdjpzar.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698629/; classtype:trojan-activity;sid:84561729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698627)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698627/; classtype:trojan-activity;sid:84561727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698628)"; flow:established,from_client; content:"GET"; http_method; content:"/huh.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698628/; classtype:trojan-activity;sid:84561728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698626)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.64.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698626/; classtype:trojan-activity;sid:84561726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698625)"; flow:established,from_client; content:"GET"; http_method; content:"/l2.google|3f|t=71stjaq4"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"v3r.horizonspur.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698625/; classtype:trojan-activity;sid:84561725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698624)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.136.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698624/; classtype:trojan-activity;sid:84561724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698623)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.118.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698623/; classtype:trojan-activity;sid:84561723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698622)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.238.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698622/; classtype:trojan-activity;sid:84561722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698621)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.166.248.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698621/; classtype:trojan-activity;sid:84561721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698620)"; flow:established,from_client; content:"GET"; http_method; content:"/yk.google|3f|t=wak3mevs"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"so.horizonspur.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698620/; classtype:trojan-activity;sid:84561720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698619)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.76.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698619/; classtype:trojan-activity;sid:84561719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698618)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.175.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698618/; classtype:trojan-activity;sid:84561718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698617)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.69.61.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698617/; classtype:trojan-activity;sid:84561717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698616)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.229.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698616/; classtype:trojan-activity;sid:84561716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698615)"; flow:established,from_client; content:"GET"; http_method; content:"/yb2.check|3f|t=vfjonc3i"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"h4n.phoenixbogen.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698615/; classtype:trojan-activity;sid:84561715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698614)"; flow:established,from_client; content:"GET"; http_method; content:"/m04.google|3f|t=azhktb7g"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"xk.phoenixbogen.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698614/; classtype:trojan-activity;sid:84561714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698613)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.238.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698613/; classtype:trojan-activity;sid:84561713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698612)"; flow:established,from_client; content:"GET"; http_method; content:"/tn3.check|3f|t=oi8oku74"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"p2k.phoenixbogen.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698612/; classtype:trojan-activity;sid:84561712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698611)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.175.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698611/; classtype:trojan-activity;sid:84561711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698610)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.136.38.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698610/; classtype:trojan-activity;sid:84561710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698609)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.48.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698609/; classtype:trojan-activity;sid:84561709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698608)"; flow:established,from_client; content:"GET"; http_method; content:"/h7.google|3f|t=87px2k0y"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"c3r.phoenixbogen.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698608/; classtype:trojan-activity;sid:84561708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698607)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.82.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698607/; classtype:trojan-activity;sid:84561707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698606)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.107.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698606/; classtype:trojan-activity;sid:84561706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698605)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.250.238.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698605/; classtype:trojan-activity;sid:84561705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698604)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.187.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698604/; classtype:trojan-activity;sid:84561704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698603)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.179.53.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698603/; classtype:trojan-activity;sid:84561703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698602)"; flow:established,from_client; content:"GET"; http_method; content:"/ra.google|3f|t=d1cfnu2v"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"be.phoenixbogen.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698602/; classtype:trojan-activity;sid:84561702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698601)"; flow:established,from_client; content:"GET"; http_method; content:"/twmxlbtk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"be.phoenixbogen.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698601/; classtype:trojan-activity;sid:84561701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698600)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.82.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698600/; classtype:trojan-activity;sid:84561700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698599)"; flow:established,from_client; content:"GET"; http_method; content:"/keu9slp4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"c9.crystalmoor.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698599/; classtype:trojan-activity;sid:84561699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698598)"; flow:established,from_client; content:"GET"; http_method; content:"/ra1.check|3f|t=wdz3k4kk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"c9.crystalmoor.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698598/; classtype:trojan-activity;sid:84561698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698597)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.191.104.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698597/; classtype:trojan-activity;sid:84561697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698595)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.107.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698595/; classtype:trojan-activity;sid:84561695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698596)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.150.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698596/; classtype:trojan-activity;sid:84561696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698594)"; flow:established,from_client; content:"GET"; http_method; content:"/0v9.google|3f|t=j18xkd6y"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"tqf.crystalmoor.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698594/; classtype:trojan-activity;sid:84561694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698593)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.127.248.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698593/; classtype:trojan-activity;sid:84561693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698592)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.176.117.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698592/; classtype:trojan-activity;sid:84561692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698591)"; flow:established,from_client; content:"GET"; http_method; content:"/pk2.check|3f|t=6p0abi4y"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"z1.crystalmoor.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698591/; classtype:trojan-activity;sid:84561691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698590)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.226.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698590/; classtype:trojan-activity;sid:84561690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698589)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.191.104.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698589/; classtype:trojan-activity;sid:84561689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698588)"; flow:established,from_client; content:"GET"; http_method; content:"/m3.google|3f|t=ezcviv08"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"bd2.crystalmoor.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698588/; classtype:trojan-activity;sid:84561688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698587)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.113.53.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698587/; classtype:trojan-activity;sid:84561687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698586)"; flow:established,from_client; content:"GET"; http_method; content:"/4ta.check|3f|t=uf0krgar"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"q7m.crystalmoor.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698586/; classtype:trojan-activity;sid:84561686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698585)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.38.208.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698585/; classtype:trojan-activity;sid:84561685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698584)"; flow:established,from_client; content:"GET"; http_method; content:"/yn.google|3f|t=iwsybecq"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"gs.crystalmoor.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698584/; classtype:trojan-activity;sid:84561684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698583)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"162.219.189.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698583/; classtype:trojan-activity;sid:84561683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698582)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.69.61.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698582/; classtype:trojan-activity;sid:84561682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698581)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"62.217.187.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698581/; classtype:trojan-activity;sid:84561681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698580)"; flow:established,from_client; content:"GET"; http_method; content:"/zn9.check|3f|t=4ev7aoyz"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"t7z.saffronkern.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698580/; classtype:trojan-activity;sid:84561680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698579)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.113.53.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698579/; classtype:trojan-activity;sid:84561679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698578)"; flow:established,from_client; content:"GET"; http_method; content:"/1c0.google|3f|t=6di4895c"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"bqk.saffronkern.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698578/; classtype:trojan-activity;sid:84561678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698577)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.3.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698577/; classtype:trojan-activity;sid:84561677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698576)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.38.208.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698576/; classtype:trojan-activity;sid:84561676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698575)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.198.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698575/; classtype:trojan-activity;sid:84561675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698574)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"162.219.189.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698574/; classtype:trojan-activity;sid:84561674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698573)"; flow:established,from_client; content:"GET"; http_method; content:"/ab3.check|3f|t=1ky6cfnw"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"x2.saffronkern.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698573/; classtype:trojan-activity;sid:84561673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698572)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"96.245.232.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698572/; classtype:trojan-activity;sid:84561672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698571)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.6.109.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698571/; classtype:trojan-activity;sid:84561671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698570)"; flow:established,from_client; content:"GET"; http_method; content:"/0w4.google|3f|t=tsgmephk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"pc4.saffronkern.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698570/; classtype:trojan-activity;sid:84561670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698569)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.100.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698569/; classtype:trojan-activity;sid:84561669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698568)"; flow:established,from_client; content:"GET"; http_method; content:"/ulg3cgw8"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"pc4.saffronkern.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698568/; classtype:trojan-activity;sid:84561668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698567)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.159.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698567/; classtype:trojan-activity;sid:84561667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698566)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.115.116.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698566/; classtype:trojan-activity;sid:84561666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698565)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.177.181.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698565/; classtype:trojan-activity;sid:84561665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698564)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.3.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698564/; classtype:trojan-activity;sid:84561664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698563)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.192.99.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698563/; classtype:trojan-activity;sid:84561663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698559)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.54.9.223"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698559/; classtype:trojan-activity;sid:84561659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698560)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.117.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698560/; classtype:trojan-activity;sid:84561660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698561)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.13.119"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698561/; classtype:trojan-activity;sid:84561661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698562)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.177.226.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698562/; classtype:trojan-activity;sid:84561662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698558)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"71.207.64.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698558/; classtype:trojan-activity;sid:84561658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698557)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.89.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698557/; classtype:trojan-activity;sid:84561657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698556)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.163.189.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698556/; classtype:trojan-activity;sid:84561656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698555)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.154.35.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698555/; classtype:trojan-activity;sid:84561655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698554)"; flow:established,from_client; content:"GET"; http_method; content:"/7m.google|3f|t=gnzfv65o"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"aj.saffronkern.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698554/; classtype:trojan-activity;sid:84561654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698553)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.179.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698553/; classtype:trojan-activity;sid:84561653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698551)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.182.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698551/; classtype:trojan-activity;sid:84561651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698552)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.6.109.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698552/; classtype:trojan-activity;sid:84561652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698550)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.159.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698550/; classtype:trojan-activity;sid:84561650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698549)"; flow:established,from_client; content:"GET"; http_method; content:"/p0x.check|3f|t=vm0cb50f"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"z0r.nebularanke.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698549/; classtype:trojan-activity;sid:84561649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698548)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.100.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698548/; classtype:trojan-activity;sid:84561648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698547)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.209.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698547/; classtype:trojan-activity;sid:84561647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698546)"; flow:established,from_client; content:"GET"; http_method; content:"/k2.google|3f|t=19ogde3t"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"nq5.nebularanke.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698546/; classtype:trojan-activity;sid:84561646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698545)"; flow:established,from_client; content:"GET"; http_method; content:"/wu58y365"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"nq5.nebularanke.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698545/; classtype:trojan-activity;sid:84561645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698544)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"96.245.232.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698544/; classtype:trojan-activity;sid:84561644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698543)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.89.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698543/; classtype:trojan-activity;sid:84561643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698542)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.179.230.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698542/; classtype:trojan-activity;sid:84561642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698541)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.125.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698541/; classtype:trojan-activity;sid:84561641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698540)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.124.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698540/; classtype:trojan-activity;sid:84561640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698539)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.240.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698539/; classtype:trojan-activity;sid:84561639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698538)"; flow:established,from_client; content:"GET"; http_method; content:"/r19.check|3f|t=blxutcp9"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"d34.nebularanke.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698538/; classtype:trojan-activity;sid:84561638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698537)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.209.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698537/; classtype:trojan-activity;sid:84561637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698536)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.25.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698536/; classtype:trojan-activity;sid:84561636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698535)"; flow:established,from_client; content:"GET"; http_method; content:"/3qa.google|3f|t=qs7d3vdq"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"w9.nebularanke.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698535/; classtype:trojan-activity;sid:84561635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698534)"; flow:established,from_client; content:"GET"; http_method; content:"/v0f.check|3f|t=hhazjyc2"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"k7x.nebularanke.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698534/; classtype:trojan-activity;sid:84561634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698533)"; flow:established,from_client; content:"GET"; http_method; content:"/38g4pw0w"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"k7x.nebularanke.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698533/; classtype:trojan-activity;sid:84561633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698532)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.124.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698532/; classtype:trojan-activity;sid:84561632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698531)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.25.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698531/; classtype:trojan-activity;sid:84561631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698530)"; flow:established,from_client; content:"GET"; http_method; content:"/t8.google|3f|t=85475f8j"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"f2a.nebularanke.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698530/; classtype:trojan-activity;sid:84561630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698529)"; flow:established,from_client; content:"GET"; http_method; content:"/xdmtnv0q"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"f2a.nebularanke.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698529/; classtype:trojan-activity;sid:84561629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698528)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.27.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698528/; classtype:trojan-activity;sid:84561628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698527)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.149.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698527/; classtype:trojan-activity;sid:84561627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698526)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.75.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698526/; classtype:trojan-activity;sid:84561626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698525)"; flow:established,from_client; content:"GET"; http_method; content:"/lq0.google|3f|t=sp2ry3xs"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"v2r.whisperlake.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698525/; classtype:trojan-activity;sid:84561625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698524)"; flow:established,from_client; content:"GET"; http_method; content:"/dp2.check|3f|t=9sx1aj6u"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"c4n.whisperlake.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698524/; classtype:trojan-activity;sid:84561624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698523)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.87.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698523/; classtype:trojan-activity;sid:84561623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698522)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.18.226"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698522/; classtype:trojan-activity;sid:84561622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698521)"; flow:established,from_client; content:"GET"; http_method; content:"/loader.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.koukaki.moonwp.fr"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698521/; classtype:trojan-activity;sid:84561621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698520)"; flow:established,from_client; content:"GET"; http_method; content:"/uesskkwy"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"c4n.whisperlake.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698520/; classtype:trojan-activity;sid:84561620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698519)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.59.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698519/; classtype:trojan-activity;sid:84561619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698518)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.koukaki.moonwp.fr"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698518/; classtype:trojan-activity;sid:84561618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698517)"; flow:established,from_client; content:"GET"; http_method; content:"/a0.google|3f|t=2ag61r4e"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"yxm4.whisperlake.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698517/; classtype:trojan-activity;sid:84561617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698516)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.195.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698516/; classtype:trojan-activity;sid:84561616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698515)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.182.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698515/; classtype:trojan-activity;sid:84561615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698514)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.117.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698514/; classtype:trojan-activity;sid:84561614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698513)"; flow:established,from_client; content:"GET"; http_method; content:"/9m1.check|3f|t=npy2w4ys"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"t3q.whisperlake.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698513/; classtype:trojan-activity;sid:84561613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698512)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.27.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698512/; classtype:trojan-activity;sid:84561612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698511)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.229.108.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698511/; classtype:trojan-activity;sid:84561611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698510)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.228.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698510/; classtype:trojan-activity;sid:84561610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698509)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.87.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698509/; classtype:trojan-activity;sid:84561609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698507)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.4.57"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698507/; classtype:trojan-activity;sid:84561607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698508)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.201.24.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698508/; classtype:trojan-activity;sid:84561608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698506)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.195.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698506/; classtype:trojan-activity;sid:84561606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698505)"; flow:established,from_client; content:"GET"; http_method; content:"/rd.google|3f|t=dyaqottq"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"k2v.whisperlake.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698505/; classtype:trojan-activity;sid:84561605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698504)"; flow:established,from_client; content:"GET"; http_method; content:"/vryshubj"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"k2v.whisperlake.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698504/; classtype:trojan-activity;sid:84561604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698503)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.77.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698503/; classtype:trojan-activity;sid:84561603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698502)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.24.27.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698502/; classtype:trojan-activity;sid:84561602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698501)"; flow:established,from_client; content:"GET"; http_method; content:"/x3to2hit"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"rz4.sunny-harbor.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698501/; classtype:trojan-activity;sid:84561601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698500)"; flow:established,from_client; content:"GET"; http_method; content:"/bn2.check|3f|t=oceatkvq"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"rz4.sunny-harbor.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698500/; classtype:trojan-activity;sid:84561600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698499)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.148.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698499/; classtype:trojan-activity;sid:84561599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698498)"; flow:established,from_client; content:"GET"; http_method; content:"/updater.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"188.137.246.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698498/; classtype:trojan-activity;sid:84561598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698497)"; flow:established,from_client; content:"GET"; http_method; content:"/ty3.check|3f|t=i7xa2vq5"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"x1p.sunny-harbor.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698497/; classtype:trojan-activity;sid:84561597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698496)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.228.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698496/; classtype:trojan-activity;sid:84561596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698495)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.177.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698495/; classtype:trojan-activity;sid:84561595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698494)"; flow:established,from_client; content:"GET"; http_method; content:"/v0.google|3f|t=noll66xx"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"q2k.sunny-harbor.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698494/; classtype:trojan-activity;sid:84561594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698493)"; flow:established,from_client; content:"GET"; http_method; content:"/r66vgxlb"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"q2k.sunny-harbor.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698493/; classtype:trojan-activity;sid:84561593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698492)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.243.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698492/; classtype:trojan-activity;sid:84561592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698491)"; flow:established,from_client; content:"GET"; http_method; content:"/1za.check|3f|t=i68ti6ul"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"m9x.sunny-harbor.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698491/; classtype:trojan-activity;sid:84561591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698490)"; flow:established,from_client; content:"GET"; http_method; content:"/wxc51kmq"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"m9x.sunny-harbor.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698490/; classtype:trojan-activity;sid:84561590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698489)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.109.242.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698489/; classtype:trojan-activity;sid:84561589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698488)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.136.159.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698488/; classtype:trojan-activity;sid:84561588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698487)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.187.236.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698487/; classtype:trojan-activity;sid:84561587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698486)"; flow:established,from_client; content:"GET"; http_method; content:"/qm.google|3f|t=p3tctchp"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ab7.sunny-harbor.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698486/; classtype:trojan-activity;sid:84561586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698485)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.239.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698485/; classtype:trojan-activity;sid:84561585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698484)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.136.159.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698484/; classtype:trojan-activity;sid:84561584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698483)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.35.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698483/; classtype:trojan-activity;sid:84561583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698482)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.240.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698482/; classtype:trojan-activity;sid:84561582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698481)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.88.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698481/; classtype:trojan-activity;sid:84561581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698480)"; flow:established,from_client; content:"GET"; http_method; content:"/zn0kpt23"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"brightsilk.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698480/; classtype:trojan-activity;sid:84561580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698479)"; flow:established,from_client; content:"GET"; http_method; content:"/tn.check|3f|t=jf1k4njj"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"brightsilk.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698479/; classtype:trojan-activity;sid:84561579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698477)"; flow:established,from_client; content:"GET"; http_method; content:"/pppoeb"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.157.106.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698477/; classtype:trojan-activity;sid:84561577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698478)"; flow:established,from_client; content:"GET"; http_method; content:"/mwah"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.157.106.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698478/; classtype:trojan-activity;sid:84561578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698476)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6608710704/0x4szpi.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698476/; classtype:trojan-activity;sid:84561576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698475)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6608710704/9zumni2.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698475/; classtype:trojan-activity;sid:84561575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698474)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.35.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698474/; classtype:trojan-activity;sid:84561574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698473)"; flow:established,from_client; content:"GET"; http_method; content:"/q5rx0daw"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"serenapoint.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698473/; classtype:trojan-activity;sid:84561573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698472)"; flow:established,from_client; content:"GET"; http_method; content:"/rp2.google|3f|t=640f2nx7"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"serenapoint.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698472/; classtype:trojan-activity;sid:84561572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698471)"; flow:established,from_client; content:"GET"; http_method; content:"/68cr2int"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ic0nicr1ver.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698471/; classtype:trojan-activity;sid:84561571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698470)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.240.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698470/; classtype:trojan-activity;sid:84561570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698469)"; flow:established,from_client; content:"GET"; http_method; content:"/tn.check|3f|t=i0lwo7pe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ic0nicr1ver.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698469/; classtype:trojan-activity;sid:84561569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698468)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.153.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698468/; classtype:trojan-activity;sid:84561568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698467)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.239.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698467/; classtype:trojan-activity;sid:84561567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698466)"; flow:established,from_client; content:"GET"; http_method; content:"/rp2.google|3f|t=magej7bu"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"shadow-grove.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698466/; classtype:trojan-activity;sid:84561566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698465)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"23.92.130.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698465/; classtype:trojan-activity;sid:84561565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698464)"; flow:established,from_client; content:"GET"; http_method; content:"/rp2.google|3f|t=almjvbdr"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"m0onsh1nebay.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698464/; classtype:trojan-activity;sid:84561564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698463)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.153.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698463/; classtype:trojan-activity;sid:84561563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698462)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.11.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698462/; classtype:trojan-activity;sid:84561562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698461)"; flow:established,from_client; content:"GET"; http_method; content:"/tn.check|3f|t=c2ngqurv"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"sunnyharbor.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698461/; classtype:trojan-activity;sid:84561561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698460)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.227.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698460/; classtype:trojan-activity;sid:84561560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698459)"; flow:established,from_client; content:"GET"; http_method; content:"/24bu97cc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"sunnyharbor.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698459/; classtype:trojan-activity;sid:84561559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698458)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"23.92.130.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698458/; classtype:trojan-activity;sid:84561558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698457)"; flow:established,from_client; content:"GET"; http_method; content:"/nskrzc8m"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"serena-point.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698457/; classtype:trojan-activity;sid:84561557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698456)"; flow:established,from_client; content:"GET"; http_method; content:"/rp2.google|3f|t=otpvgs0c"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"serena-point.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698456/; classtype:trojan-activity;sid:84561556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698455)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.121.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698455/; classtype:trojan-activity;sid:84561555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698454)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.84.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698454/; classtype:trojan-activity;sid:84561554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698453)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.116.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698453/; classtype:trojan-activity;sid:84561553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698452)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.11.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698452/; classtype:trojan-activity;sid:84561552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698451)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.150.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698451/; classtype:trojan-activity;sid:84561551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698450)"; flow:established,from_client; content:"GET"; http_method; content:"/tn.check|3f|t=ichtuqzx"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"dawn-mirror.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698450/; classtype:trojan-activity;sid:84561550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698449)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.147.231.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698449/; classtype:trojan-activity;sid:84561549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698448)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.116.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698448/; classtype:trojan-activity;sid:84561548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698447)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.61.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698447/; classtype:trojan-activity;sid:84561547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698446)"; flow:established,from_client; content:"GET"; http_method; content:"/rp2.google|3f|t=2p22jcmw"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"mighty-flora.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698446/; classtype:trojan-activity;sid:84561546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698445)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7044575709/ifils8q.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698445/; classtype:trojan-activity;sid:84561545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698444)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1781548144/pec68gw.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698444/; classtype:trojan-activity;sid:84561544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698443)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.114.224.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698443/; classtype:trojan-activity;sid:84561543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698442)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.81.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698442/; classtype:trojan-activity;sid:84561542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698441)"; flow:established,from_client; content:"GET"; http_method; content:"/tn.check|3f|t=9t6p0bax"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"shadowgrove.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698441/; classtype:trojan-activity;sid:84561541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698440)"; flow:established,from_client; content:"GET"; http_method; content:"/rp2.google|3f|t=q7avbfux"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"1unarpetal.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698440/; classtype:trojan-activity;sid:84561540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698439)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.121.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698439/; classtype:trojan-activity;sid:84561539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698438)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.147.231.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698438/; classtype:trojan-activity;sid:84561538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698437)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.61.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698437/; classtype:trojan-activity;sid:84561537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698436)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.103.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698436/; classtype:trojan-activity;sid:84561536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698434)"; flow:established,from_client; content:"GET"; http_method; content:"/5w8h.js"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dolmain.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698434/; classtype:trojan-activity;sid:84561534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698435)"; flow:established,from_client; content:"GET"; http_method; content:"/xss/buf.js"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"flowascatch.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698435/; classtype:trojan-activity;sid:84561535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698430)"; flow:established,from_client; content:"GET"; http_method; content:"/js.php"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"edentista.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698430/; classtype:trojan-activity;sid:84561530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698431)"; flow:established,from_client; content:"GET"; http_method; content:"/qqrtyw0g"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"dawnmirror.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698431/; classtype:trojan-activity;sid:84561531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698432)"; flow:established,from_client; content:"GET"; http_method; content:"/5g7o.js"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"edentista.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698432/; classtype:trojan-activity;sid:84561532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698433)"; flow:established,from_client; content:"GET"; http_method; content:"/js.php"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dolmain.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698433/; classtype:trojan-activity;sid:84561533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698429)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.105.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698429/; classtype:trojan-activity;sid:84561529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698428)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.181.95.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698428/; classtype:trojan-activity;sid:84561528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698426)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.192.254.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698426/; classtype:trojan-activity;sid:84561526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698427)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.24.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698427/; classtype:trojan-activity;sid:84561527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698425)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.90.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698425/; classtype:trojan-activity;sid:84561525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698424)"; flow:established,from_client; content:"GET"; http_method; content:"/sample.mp4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.file-secure-sharing.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698424/; classtype:trojan-activity;sid:84561524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698422)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"156.238.233.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698422/; classtype:trojan-activity;sid:84561522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698423)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"165.154.224.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698423/; classtype:trojan-activity;sid:84561523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698421)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"194.87.10.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698421/; classtype:trojan-activity;sid:84561521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698420)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.79.19.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698420/; classtype:trojan-activity;sid:84561520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698419)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/sample.pdf.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"202.155.8.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698419/; classtype:trojan-activity;sid:84561519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698416)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.152.223.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698416/; classtype:trojan-activity;sid:84561516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698417)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.120.7.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698417/; classtype:trojan-activity;sid:84561517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698418)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"83.229.126.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698418/; classtype:trojan-activity;sid:84561518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698409)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.92.78.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698409/; classtype:trojan-activity;sid:84561509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698410)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"59.110.28.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698410/; classtype:trojan-activity;sid:84561510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698411)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.223.25.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698411/; classtype:trojan-activity;sid:84561511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698412)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.223.104.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698412/; classtype:trojan-activity;sid:84561512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698413)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"38.38.251.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698413/; classtype:trojan-activity;sid:84561513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698414)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"49.233.204.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698414/; classtype:trojan-activity;sid:84561514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698415)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"42.192.49.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698415/; classtype:trojan-activity;sid:84561515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698407)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"194.120.24.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698407/; classtype:trojan-activity;sid:84561507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698408)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"212.14.244.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698408/; classtype:trojan-activity;sid:84561508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698405)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.136.112.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698405/; classtype:trojan-activity;sid:84561505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698406)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.85.4.130"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698406/; classtype:trojan-activity;sid:84561506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698403)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"151.235.246.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698403/; classtype:trojan-activity;sid:84561503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698404)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.197.49.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698404/; classtype:trojan-activity;sid:84561504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698389)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.244.205.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698389/; classtype:trojan-activity;sid:84561489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698390)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.83.61.200"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698390/; classtype:trojan-activity;sid:84561490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698391)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"104.195.194.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698391/; classtype:trojan-activity;sid:84561491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698392)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"146.196.120.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698392/; classtype:trojan-activity;sid:84561492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698393)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.221.12.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698393/; classtype:trojan-activity;sid:84561493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698394)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.101.128.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698394/; classtype:trojan-activity;sid:84561494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698395)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.236.56.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698395/; classtype:trojan-activity;sid:84561495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698396)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.209.171.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698396/; classtype:trojan-activity;sid:84561496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698397)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.129.218.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698397/; classtype:trojan-activity;sid:84561497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698398)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.130.225.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698398/; classtype:trojan-activity;sid:84561498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698399)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.51.140.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698399/; classtype:trojan-activity;sid:84561499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698400)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.250.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698400/; classtype:trojan-activity;sid:84561500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698401)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.241.192.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698401/; classtype:trojan-activity;sid:84561501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698402)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.48.137.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698402/; classtype:trojan-activity;sid:84561502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698387)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.151.72.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698387/; classtype:trojan-activity;sid:84561487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698388)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.157.28.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698388/; classtype:trojan-activity;sid:84561488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698385)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"172.125.40.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698385/; classtype:trojan-activity;sid:84561485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698386)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.76.33.15"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698386/; classtype:trojan-activity;sid:84561486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698384)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.49.65.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698384/; classtype:trojan-activity;sid:84561484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698382)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.218.75.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698382/; classtype:trojan-activity;sid:84561482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698383)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.166.215.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698383/; classtype:trojan-activity;sid:84561483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698381)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"120.157.159.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698381/; classtype:trojan-activity;sid:84561481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698380)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"116.105.142.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698380/; classtype:trojan-activity;sid:84561480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698379)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"120.157.159.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698379/; classtype:trojan-activity;sid:84561479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698377)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.209.92.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698377/; classtype:trojan-activity;sid:84561477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698378)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"113.178.208.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698378/; classtype:trojan-activity;sid:84561478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698366)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"105.184.116.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698366/; classtype:trojan-activity;sid:84561466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698367)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.44.66.235"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698367/; classtype:trojan-activity;sid:84561467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698368)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.19.33.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698368/; classtype:trojan-activity;sid:84561468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698369)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.243.71.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698369/; classtype:trojan-activity;sid:84561469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698370)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.145.128.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698370/; classtype:trojan-activity;sid:84561470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698371)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"97.131.113.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698371/; classtype:trojan-activity;sid:84561471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698372)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"97.131.113.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698372/; classtype:trojan-activity;sid:84561472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698373)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"1.1.104.94"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698373/; classtype:trojan-activity;sid:84561473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698374)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.145.128.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698374/; classtype:trojan-activity;sid:84561474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698375)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"113.178.208.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698375/; classtype:trojan-activity;sid:84561475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698376)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"121.73.163.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698376/; classtype:trojan-activity;sid:84561476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698362)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.66.24.14"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698362/; classtype:trojan-activity;sid:84561462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698363)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.80.154.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698363/; classtype:trojan-activity;sid:84561463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698364)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.40.118.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698364/; classtype:trojan-activity;sid:84561464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698365)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.241.74.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698365/; classtype:trojan-activity;sid:84561465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698361)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.197.141.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698361/; classtype:trojan-activity;sid:84561461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698360)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.8.118.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698360/; classtype:trojan-activity;sid:84561460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698359)"; flow:established,from_client; content:"GET"; http_method; content:"/8am63pq5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"mightyflora.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698359/; classtype:trojan-activity;sid:84561459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698358)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.79.144.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698358/; classtype:trojan-activity;sid:84561458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698357)"; flow:established,from_client; content:"GET"; http_method; content:"/rp2.google|3f|t=6lq1uhdn"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"mightyflora.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698357/; classtype:trojan-activity;sid:84561457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698356)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.83.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698356/; classtype:trojan-activity;sid:84561456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698355)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.133.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698355/; classtype:trojan-activity;sid:84561455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698354)"; flow:established,from_client; content:"GET"; http_method; content:"/f180alms"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"mintnord.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698354/; classtype:trojan-activity;sid:84561454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698353)"; flow:established,from_client; content:"GET"; http_method; content:"/tn.check|3f|t=qzsatl1l"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"mintnord.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698353/; classtype:trojan-activity;sid:84561453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698352)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.192.254.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698352/; classtype:trojan-activity;sid:84561452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698351)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.250.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698351/; classtype:trojan-activity;sid:84561451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698350)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.42.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698350/; classtype:trojan-activity;sid:84561450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698349)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.79.144.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698349/; classtype:trojan-activity;sid:84561449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698348)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.8.118.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698348/; classtype:trojan-activity;sid:84561448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698347)"; flow:established,from_client; content:"GET"; http_method; content:"/rp2.google|3f|t=q31kh0u2"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"cindertau.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698347/; classtype:trojan-activity;sid:84561447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698346)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.208.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698346/; classtype:trojan-activity;sid:84561446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698345)"; flow:established,from_client; content:"GET"; http_method; content:"/tn.check|3f|t=eqo78ccg"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"indigowelle.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698345/; classtype:trojan-activity;sid:84561445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698343)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.244.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698343/; classtype:trojan-activity;sid:84561443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698344)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.133.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698344/; classtype:trojan-activity;sid:84561444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698342)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.240.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698342/; classtype:trojan-activity;sid:84561442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698341)"; flow:established,from_client; content:"GET"; http_method; content:"/rp2.google|3f|t=iyx51zhn"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"ambergeist.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698341/; classtype:trojan-activity;sid:84561441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698340)"; flow:established,from_client; content:"GET"; http_method; content:"/710v9ilb"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ambergeist.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698340/; classtype:trojan-activity;sid:84561440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698339)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.42.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698339/; classtype:trojan-activity;sid:84561439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698338)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.103.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698338/; classtype:trojan-activity;sid:84561438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698337)"; flow:established,from_client; content:"GET"; http_method; content:"/tn.check|3f|t=gdikoazs"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"zenithspitze.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698337/; classtype:trojan-activity;sid:84561437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698336)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.195.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698336/; classtype:trojan-activity;sid:84561436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698335)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.156.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698335/; classtype:trojan-activity;sid:84561435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698334)"; flow:established,from_client; content:"GET"; http_method; content:"/zohjhrc2"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"gladeeiche.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698334/; classtype:trojan-activity;sid:84561434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698333)"; flow:established,from_client; content:"GET"; http_method; content:"/rp2.google|3f|t=8m5595oa"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"gladeeiche.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698333/; classtype:trojan-activity;sid:84561433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698332)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.19.243.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698332/; classtype:trojan-activity;sid:84561432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698331)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.33.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698331/; classtype:trojan-activity;sid:84561431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698330)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.136.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698330/; classtype:trojan-activity;sid:84561430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698329)"; flow:established,from_client; content:"GET"; http_method; content:"/tn.check|3f|t=d26dudiq"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"vectorblitz.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698329/; classtype:trojan-activity;sid:84561429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698328)"; flow:established,from_client; content:"GET"; http_method; content:"/3ul1i6da"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"vectorblitz.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698328/; classtype:trojan-activity;sid:84561428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698327)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.71.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698327/; classtype:trojan-activity;sid:84561427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698326)"; flow:established,from_client; content:"GET"; http_method; content:"/tn.check|3f|t=gzstka00"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"tidalschatten.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698326/; classtype:trojan-activity;sid:84561426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698325)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.92.90.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698325/; classtype:trojan-activity;sid:84561425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698323)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.93.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698323/; classtype:trojan-activity;sid:84561423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698324)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.195.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698324/; classtype:trojan-activity;sid:84561424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698322)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.71.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698322/; classtype:trojan-activity;sid:84561422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698321)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.28.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698321/; classtype:trojan-activity;sid:84561421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698320)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.129.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698320/; classtype:trojan-activity;sid:84561420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698319)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.116.39.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698319/; classtype:trojan-activity;sid:84561419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698318)"; flow:established,from_client; content:"GET"; http_method; content:"/p32ihrja"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ovs.amberr-0-ck-et.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698318/; classtype:trojan-activity;sid:84561418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698317)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.28.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698317/; classtype:trojan-activity;sid:84561417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698316)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.145.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698316/; classtype:trojan-activity;sid:84561416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698315)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.129.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698315/; classtype:trojan-activity;sid:84561415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698314)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.51.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698314/; classtype:trojan-activity;sid:84561414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698313)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.208.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698313/; classtype:trojan-activity;sid:84561413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698312)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.148.252.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698312/; classtype:trojan-activity;sid:84561412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698311)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.54.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698311/; classtype:trojan-activity;sid:84561411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698310)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.9.133.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698310/; classtype:trojan-activity;sid:84561410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698309)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.54.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698309/; classtype:trojan-activity;sid:84561409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698308)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.208.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698308/; classtype:trojan-activity;sid:84561408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698307)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.145.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698307/; classtype:trojan-activity;sid:84561407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698306)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.80.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698306/; classtype:trojan-activity;sid:84561406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698305)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.207.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698305/; classtype:trojan-activity;sid:84561405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698304)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.137.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698304/; classtype:trojan-activity;sid:84561404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698303)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.252.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698303/; classtype:trojan-activity;sid:84561403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698302)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.117.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698302/; classtype:trojan-activity;sid:84561402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698301)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.75.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698301/; classtype:trojan-activity;sid:84561401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698300)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.58.166.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698300/; classtype:trojan-activity;sid:84561400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698299)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7782139129/t5yvmrj.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698299/; classtype:trojan-activity;sid:84561399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698298)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.9.133.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698298/; classtype:trojan-activity;sid:84561398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698297)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"49.73.107.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698297/; classtype:trojan-activity;sid:84561397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698296)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.115.162.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698296/; classtype:trojan-activity;sid:84561396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698295)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.80.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698295/; classtype:trojan-activity;sid:84561395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698293)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.246.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698293/; classtype:trojan-activity;sid:84561393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698294)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.160.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698294/; classtype:trojan-activity;sid:84561394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698292)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.87.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698292/; classtype:trojan-activity;sid:84561392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698291)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.206.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698291/; classtype:trojan-activity;sid:84561391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698290)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"157.66.146.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698290/; classtype:trojan-activity;sid:84561390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698289)"; flow:established,from_client; content:"GET"; http_method; content:"/b95.google|3f|t=prj9k9ob"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"fsrm.lilacsilo.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698289/; classtype:trojan-activity;sid:84561389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698288)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.70.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698288/; classtype:trojan-activity;sid:84561388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698287)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"157.66.146.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698287/; classtype:trojan-activity;sid:84561387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698286)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.0.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698286/; classtype:trojan-activity;sid:84561386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698285)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.114.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698285/; classtype:trojan-activity;sid:84561385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698284)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.87.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698284/; classtype:trojan-activity;sid:84561384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698283)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.173.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698283/; classtype:trojan-activity;sid:84561383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698282)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.67.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698282/; classtype:trojan-activity;sid:84561382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698281)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.128.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698281/; classtype:trojan-activity;sid:84561381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698280)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.206.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698280/; classtype:trojan-activity;sid:84561380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698279)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.177.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698279/; classtype:trojan-activity;sid:84561379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698278)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.170.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698278/; classtype:trojan-activity;sid:84561378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698277)"; flow:established,from_client; content:"GET"; http_method; content:"/miyileho98.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"g1t4.starmarkt.online"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698277/; classtype:trojan-activity;sid:84561377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698276)"; flow:established,from_client; content:"GET"; http_method; content:"/fqb.google|3f|t=apu5vesb"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"silicon-moss.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698276/; classtype:trojan-activity;sid:84561376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698275)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.51.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698275/; classtype:trojan-activity;sid:84561375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698273)"; flow:established,from_client; content:"GET"; http_method; content:"/pd.check|3f|t=1nlwzv0s"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"soniccobalt.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698273/; classtype:trojan-activity;sid:84561373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698274)"; flow:established,from_client; content:"GET"; http_method; content:"/1ffsun8djp.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k8x1.starmarkt.online"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698274/; classtype:trojan-activity;sid:84561374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698272)"; flow:established,from_client; content:"GET"; http_method; content:"/download/b.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"us2.bot-hosting.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698272/; classtype:trojan-activity;sid:84561372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698271)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.173.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698271/; classtype:trojan-activity;sid:84561371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698269)"; flow:established,from_client; content:"GET"; http_method; content:"/00d953e8e48743ceaa364ca2fec5372d_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"62.60.226.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698269/; classtype:trojan-activity;sid:84561369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698270)"; flow:established,from_client; content:"GET"; http_method; content:"/f48224f1b2d34770a71e9fac3f52b91e_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"62.60.226.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698270/; classtype:trojan-activity;sid:84561370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698268)"; flow:established,from_client; content:"GET"; http_method; content:"/apps.bin"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"54654.alphacinder.digital"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698268/; classtype:trojan-activity;sid:84561368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698267)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.114.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698267/; classtype:trojan-activity;sid:84561367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698265)"; flow:established,from_client; content:"GET"; http_method; content:"/vd3mt452"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"soniccobalt.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698265/; classtype:trojan-activity;sid:84561365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698266)"; flow:established,from_client; content:"GET"; http_method; content:"/id69a0kw35.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"orbitkrone.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698266/; classtype:trojan-activity;sid:84561366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698264)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.67.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698264/; classtype:trojan-activity;sid:84561364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698263)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.118.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698263/; classtype:trojan-activity;sid:84561363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698261)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.137.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698261/; classtype:trojan-activity;sid:84561361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698262)"; flow:established,from_client; content:"GET"; http_method; content:"/vm8m4qt5vj.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k8x1.starmarkt.online"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698262/; classtype:trojan-activity;sid:84561362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698260)"; flow:established,from_client; content:"GET"; http_method; content:"/fw.check|3f|t=uthiuapp"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"lotioniron.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698260/; classtype:trojan-activity;sid:84561360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698258)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.128.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698258/; classtype:trojan-activity;sid:84561358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698259)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8455735771/2tva1kd.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698259/; classtype:trojan-activity;sid:84561359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698257)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.69.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698257/; classtype:trojan-activity;sid:84561357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698256)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.246.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698256/; classtype:trojan-activity;sid:84561356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698255)"; flow:established,from_client; content:"GET"; http_method; content:"/qbxg5wb9ct.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"driftfels.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698255/; classtype:trojan-activity;sid:84561355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698254)"; flow:established,from_client; content:"GET"; http_method; content:"/6iwogh1v"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"siliconmoss.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698254/; classtype:trojan-activity;sid:84561354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698253)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.177.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698253/; classtype:trojan-activity;sid:84561353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698252)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.170.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698252/; classtype:trojan-activity;sid:84561352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698251)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.114.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698251/; classtype:trojan-activity;sid:84561351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698250)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7782139129/hwj1dzo.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698250/; classtype:trojan-activity;sid:84561350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698249)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.74.19.137"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698249/; classtype:trojan-activity;sid:84561349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698248)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.118.241.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698248/; classtype:trojan-activity;sid:84561348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698247)"; flow:established,from_client; content:"GET"; http_method; content:"/b3zhv5mw27.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r0b3.starmarkt.online"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698247/; classtype:trojan-activity;sid:84561347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698246)"; flow:established,from_client; content:"GET"; http_method; content:"/a1.google|3f|t=bpcdt38r"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"pixel-orbit.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698246/; classtype:trojan-activity;sid:84561346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698245)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.163.25.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698245/; classtype:trojan-activity;sid:84561345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698244)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.65.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698244/; classtype:trojan-activity;sid:84561344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698243)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.114.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698243/; classtype:trojan-activity;sid:84561343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698242)"; flow:established,from_client; content:"GET"; http_method; content:"/vlb3lazm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"solarviolet.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698242/; classtype:trojan-activity;sid:84561342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698241)"; flow:established,from_client; content:"GET"; http_method; content:"/mvsl3vrjw1.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"swiftfluss.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698241/; classtype:trojan-activity;sid:84561341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698240)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.109.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698240/; classtype:trojan-activity;sid:84561340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698239)"; flow:established,from_client; content:"GET"; http_method; content:"/vuh.google|3f|t=7oamh19r"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"pixelorbit.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698239/; classtype:trojan-activity;sid:84561339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698238)"; flow:established,from_client; content:"GET"; http_method; content:"/uhdmsv98gv.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"l2f7.starmarkt.online"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698238/; classtype:trojan-activity;sid:84561338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698237)"; flow:established,from_client; content:"GET"; http_method; content:"/unh3q64kdo.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"swiftfluss.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698237/; classtype:trojan-activity;sid:84561337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698236)"; flow:established,from_client; content:"GET"; http_method; content:"/d4z0erh0"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"pixelorbit.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698236/; classtype:trojan-activity;sid:84561336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698235)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.246.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698235/; classtype:trojan-activity;sid:84561335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698234)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.117.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698234/; classtype:trojan-activity;sid:84561334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698233)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.250.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698233/; classtype:trojan-activity;sid:84561333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698232)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.43.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698232/; classtype:trojan-activity;sid:84561332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698230)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.141.156.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698230/; classtype:trojan-activity;sid:84561330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698231)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.46.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698231/; classtype:trojan-activity;sid:84561331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698229)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.212.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698229/; classtype:trojan-activity;sid:84561329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698228)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"138.207.174.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698228/; classtype:trojan-activity;sid:84561328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698227)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.104.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698227/; classtype:trojan-activity;sid:84561327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698225)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.118.241.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698225/; classtype:trojan-activity;sid:84561325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698226)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.19.137"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698226/; classtype:trojan-activity;sid:84561326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698224)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8455735771/upt37rc.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698224/; classtype:trojan-activity;sid:84561324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698223)"; flow:established,from_client; content:"GET"; http_method; content:"/uzjcgpa65s.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"meteorsegel.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698223/; classtype:trojan-activity;sid:84561323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698222)"; flow:established,from_client; content:"GET"; http_method; content:"/r4hxgqnm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"alphacinder.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698222/; classtype:trojan-activity;sid:84561322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698221)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.56.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698221/; classtype:trojan-activity;sid:84561321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698220)"; flow:established,from_client; content:"GET"; http_method; content:"/rk5emxovx6.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"l2f7.starmarkt.online"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698220/; classtype:trojan-activity;sid:84561320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698219)"; flow:established,from_client; content:"GET"; http_method; content:"/j8w.check|3f|t=dykb8cd2"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"alphacinder.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698219/; classtype:trojan-activity;sid:84561319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698218)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.169.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698218/; classtype:trojan-activity;sid:84561318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698217)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.58.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698217/; classtype:trojan-activity;sid:84561317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698216)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.43.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698216/; classtype:trojan-activity;sid:84561316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698214)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.123.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698214/; classtype:trojan-activity;sid:84561314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698215)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.116.176.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698215/; classtype:trojan-activity;sid:84561315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698213)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.179.11.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698213/; classtype:trojan-activity;sid:84561313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698211)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.109.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698211/; classtype:trojan-activity;sid:84561311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698212)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.69.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698212/; classtype:trojan-activity;sid:84561312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698210)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.156.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698210/; classtype:trojan-activity;sid:84561310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698209)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"138.207.174.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698209/; classtype:trojan-activity;sid:84561309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698208)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.117.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698208/; classtype:trojan-activity;sid:84561308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698207)"; flow:established,from_client; content:"GET"; http_method; content:"/lsmlh71t4c.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"p9c.starmarkt.online"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698207/; classtype:trojan-activity;sid:84561307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698206)"; flow:established,from_client; content:"GET"; http_method; content:"/cw.check|3f|t=nau2ewwu"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ix.n0vaharbor.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698206/; classtype:trojan-activity;sid:84561306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698205)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.56.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698205/; classtype:trojan-activity;sid:84561305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698204)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.116.176.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698204/; classtype:trojan-activity;sid:84561304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698203)"; flow:established,from_client; content:"GET"; http_method; content:"/8z0.check|3f|t=slj10ihz"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"5d.n0vaharbor.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698203/; classtype:trojan-activity;sid:84561303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698202)"; flow:established,from_client; content:"GET"; http_method; content:"/g5z45dxy9w.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"a6v1.brassufer.online"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698202/; classtype:trojan-activity;sid:84561302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698201)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.11.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698201/; classtype:trojan-activity;sid:84561301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698200)"; flow:established,from_client; content:"GET"; http_method; content:"/xss/buf.js"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"smilesmash.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698200/; classtype:trojan-activity;sid:84561300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698199)"; flow:established,from_client; content:"GET"; http_method; content:"/2x.google|3f|t=7s2iin8x"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"5kch.n0vaharbor.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698199/; classtype:trojan-activity;sid:84561299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698198)"; flow:established,from_client; content:"GET"; http_method; content:"/u4kxftrjsq.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"a6v1.brassufer.online"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698198/; classtype:trojan-activity;sid:84561298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698197)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.49.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698197/; classtype:trojan-activity;sid:84561297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698196)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"83.171.160.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698196/; classtype:trojan-activity;sid:84561296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698195)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.104.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698195/; classtype:trojan-activity;sid:84561295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698194)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.134.254.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698194/; classtype:trojan-activity;sid:84561294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698193)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.174.104.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698193/; classtype:trojan-activity;sid:84561293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698191)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.145.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698191/; classtype:trojan-activity;sid:84561291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698192)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.198.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698192/; classtype:trojan-activity;sid:84561292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698190)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.192.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698190/; classtype:trojan-activity;sid:84561290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698188)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.229.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698188/; classtype:trojan-activity;sid:84561288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698189)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.45.232.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698189/; classtype:trojan-activity;sid:84561289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698185)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.215.166.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698185/; classtype:trojan-activity;sid:84561285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698186)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.59.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698186/; classtype:trojan-activity;sid:84561286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698187)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.4.57"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698187/; classtype:trojan-activity;sid:84561287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698184)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.145.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698184/; classtype:trojan-activity;sid:84561284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698183)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i686"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698183/; classtype:trojan-activity;sid:84561283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698181)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86_64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698181/; classtype:trojan-activity;sid:84561281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698182)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i468"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698182/; classtype:trojan-activity;sid:84561282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698180)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.182.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698180/; classtype:trojan-activity;sid:84561280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698178)"; flow:established,from_client; content:"GET"; http_method; content:"/duck/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698178/; classtype:trojan-activity;sid:84561278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698179)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698179/; classtype:trojan-activity;sid:84561279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698177)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698177/; classtype:trojan-activity;sid:84561277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698175)"; flow:established,from_client; content:"GET"; http_method; content:"/duck/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698175/; classtype:trojan-activity;sid:84561275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698176)"; flow:established,from_client; content:"GET"; http_method; content:"/duck/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698176/; classtype:trojan-activity;sid:84561276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698174)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.165.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698174/; classtype:trojan-activity;sid:84561274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698173)"; flow:established,from_client; content:"GET"; http_method; content:"/jw.google|3f|t=r0goww5w"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"d7x.ember-grove.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698173/; classtype:trojan-activity;sid:84561273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698172)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.238.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698172/; classtype:trojan-activity;sid:84561272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698171)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.187.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698171/; classtype:trojan-activity;sid:84561271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698170)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.249.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698170/; classtype:trojan-activity;sid:84561270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698169)"; flow:established,from_client; content:"GET"; http_method; content:"/uex3qczcih.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"flintwiese.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698169/; classtype:trojan-activity;sid:84561269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698168)"; flow:established,from_client; content:"GET"; http_method; content:"/q49jv7fl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"quartzraven.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698168/; classtype:trojan-activity;sid:84561268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698167)"; flow:established,from_client; content:"GET"; http_method; content:"/fq2xkkxe4d.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"h8s2.brassufer.online"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698167/; classtype:trojan-activity;sid:84561267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698166)"; flow:established,from_client; content:"GET"; http_method; content:"/4y.check|3f|t=bdvdwga9"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"quartzraven.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698166/; classtype:trojan-activity;sid:84561266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698165)"; flow:established,from_client; content:"GET"; http_method; content:"/w1pp/r503749j637r01.pdf.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"ethical-points-competitive-fluid.trycloudflare.com"; http_host; depth:50; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698165/; classtype:trojan-activity;sid:84561265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698164)"; flow:established,from_client; content:"GET"; http_method; content:"/qfb3wsf/7/8/9/uju.wsf"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"ethical-points-competitive-fluid.trycloudflare.com"; http_host; depth:50; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698164/; classtype:trojan-activity;sid:84561264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698161)"; flow:established,from_client; content:"GET"; http_method; content:"/wya/r537js829031.pdf.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"ethical-points-competitive-fluid.trycloudflare.com"; http_host; depth:50; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698161/; classtype:trojan-activity;sid:84561261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698162)"; flow:established,from_client; content:"GET"; http_method; content:"/rup/re-5704937421.pdf.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"ethical-points-competitive-fluid.trycloudflare.com"; http_host; depth:50; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698162/; classtype:trojan-activity;sid:84561262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698163)"; flow:established,from_client; content:"GET"; http_method; content:"/qfb1wsf/1/2/3/tyma.wsf"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ethical-points-competitive-fluid.trycloudflare.com"; http_host; depth:50; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698163/; classtype:trojan-activity;sid:84561263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698160)"; flow:established,from_client; content:"GET"; http_method; content:"/qfb1wsf/tyma.wsf"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"ethical-points-competitive-fluid.trycloudflare.com"; http_host; depth:50; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698160/; classtype:trojan-activity;sid:84561260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698159)"; flow:established,from_client; content:"GET"; http_method; content:"/qfb2wsf/4/5/6/kola.wsf"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ethical-points-competitive-fluid.trycloudflare.com"; http_host; depth:50; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698159/; classtype:trojan-activity;sid:84561259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698158)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.134.174.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698158/; classtype:trojan-activity;sid:84561258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698157)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.209.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698157/; classtype:trojan-activity;sid:84561257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698156)"; flow:established,from_client; content:"GET"; http_method; content:"/5xwuuqb12q.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"h8s2.brassufer.online"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698156/; classtype:trojan-activity;sid:84561256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698155)"; flow:established,from_client; content:"GET"; http_method; content:"/xa5.google|3f|t=zsws1rxi"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"pixe1tu1ip.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698155/; classtype:trojan-activity;sid:84561255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698154)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.165.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698154/; classtype:trojan-activity;sid:84561254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698152)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.233.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698152/; classtype:trojan-activity;sid:84561252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698153)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.136.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698153/; classtype:trojan-activity;sid:84561253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698151)"; flow:established,from_client; content:"GET"; http_method; content:"/mxwj9bfvus.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"thunderforst.online"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698151/; classtype:trojan-activity;sid:84561251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698150)"; flow:established,from_client; content:"GET"; http_method; content:"/l0yjzezk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"frost-indigo.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698150/; classtype:trojan-activity;sid:84561250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698149)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.207.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698149/; classtype:trojan-activity;sid:84561249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698148)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.232.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698148/; classtype:trojan-activity;sid:84561248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698146)"; flow:established,from_client; content:"GET"; http_method; content:"/lq.check|3f|t=wt5go7sn"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"frost-indigo.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698146/; classtype:trojan-activity;sid:84561246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698147)"; flow:established,from_client; content:"GET"; http_method; content:"/mkf0y9xuoy.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"z5m.brassufer.online"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698147/; classtype:trojan-activity;sid:84561247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698145)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.59.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698145/; classtype:trojan-activity;sid:84561245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698144)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.233.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698144/; classtype:trojan-activity;sid:84561244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698143)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.76.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698143/; classtype:trojan-activity;sid:84561243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698141)"; flow:established,from_client; content:"GET"; http_method; content:"/fva.check|3f|t=jrbezutw"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"5a.frost-indigo.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698141/; classtype:trojan-activity;sid:84561241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698142)"; flow:established,from_client; content:"GET"; http_method; content:"/eyxwzfphfq.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t1q4.brassufer.online"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698142/; classtype:trojan-activity;sid:84561242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698140)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.174.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698140/; classtype:trojan-activity;sid:84561240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698139)"; flow:established,from_client; content:"GET"; http_method; content:"/4n9kqox6x4.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t1q4.brassufer.online"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698139/; classtype:trojan-activity;sid:84561239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698138)"; flow:established,from_client; content:"GET"; http_method; content:"/kh.google|3f|t=1kskc828"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"frostindigo.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698138/; classtype:trojan-activity;sid:84561238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698137)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.209.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698137/; classtype:trojan-activity;sid:84561237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698136)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.94.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698136/; classtype:trojan-activity;sid:84561236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698135)"; flow:established,from_client; content:"GET"; http_method; content:"/usb-%d0%bd%d0%b0%d0%ba%d0%be%d0%bf%d0%b8%d1%82%d0%b5%d0%bb%d1%8c/photo.lnk"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"31.28.44.39"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698135/; classtype:trojan-activity;sid:84561235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698133)"; flow:established,from_client; content:"GET"; http_method; content:"/%d0%9f%d0%b8%d0%bb%d0%be%d1%82/video.scr"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"31.28.44.39"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698133/; classtype:trojan-activity;sid:84561233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698134)"; flow:established,from_client; content:"GET"; http_method; content:"/%d0%9f%d0%b8%d0%bb%d0%be%d1%82/photo.scr"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"31.28.44.39"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698134/; classtype:trojan-activity;sid:84561234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698130)"; flow:established,from_client; content:"GET"; http_method; content:"/usb-%d0%bd%d0%b0%d0%ba%d0%be%d0%bf%d0%b8%d1%82%d0%b5%d0%bb%d1%8c/photo.scr"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"31.28.44.39"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698130/; classtype:trojan-activity;sid:84561230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698131)"; flow:established,from_client; content:"GET"; http_method; content:"/807"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"49.232.102.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698131/; classtype:trojan-activity;sid:84561231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698132)"; flow:established,from_client; content:"GET"; http_method; content:"/8065"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"49.232.102.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698132/; classtype:trojan-activity;sid:84561232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698128)"; flow:established,from_client; content:"GET"; http_method; content:"/%d0%9f%d0%b8%d0%bb%d0%be%d1%82/av.scr"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"31.28.44.39"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698128/; classtype:trojan-activity;sid:84561228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698129)"; flow:established,from_client; content:"GET"; http_method; content:"/usb-%d0%bd%d0%b0%d0%ba%d0%be%d0%bf%d0%b8%d1%82%d0%b5%d0%bb%d1%8c/av.scr"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"31.28.44.39"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698129/; classtype:trojan-activity;sid:84561229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698127)"; flow:established,from_client; content:"GET"; http_method; content:"/usb-%d0%bd%d0%b0%d0%ba%d0%be%d0%bf%d0%b8%d1%82%d0%b5%d0%bb%d1%8c/video.scr"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"31.28.44.39"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698127/; classtype:trojan-activity;sid:84561227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698126)"; flow:established,from_client; content:"GET"; http_method; content:"/demon.x64.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"54.185.104.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698126/; classtype:trojan-activity;sid:84561226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698124)"; flow:established,from_client; content:"GET"; http_method; content:"/%d0%9f%d0%b8%d0%bb%d0%be%d1%82/av.lnk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"31.28.44.39"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698124/; classtype:trojan-activity;sid:84561224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698125)"; flow:established,from_client; content:"GET"; http_method; content:"/setup_x64.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"happymoddl.org"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698125/; classtype:trojan-activity;sid:84561225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698120)"; flow:established,from_client; content:"GET"; http_method; content:"/usb-%d0%bd%d0%b0%d0%ba%d0%be%d0%bf%d0%b8%d1%82%d0%b5%d0%bb%d1%8c/av.lnk"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"31.28.44.39"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698120/; classtype:trojan-activity;sid:84561220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698121)"; flow:established,from_client; content:"GET"; http_method; content:"/usb-%d0%bd%d0%b0%d0%ba%d0%be%d0%bf%d0%b8%d1%82%d0%b5%d0%bb%d1%8c/video.lnk"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"31.28.44.39"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698121/; classtype:trojan-activity;sid:84561221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698122)"; flow:established,from_client; content:"GET"; http_method; content:"/%d0%9f%d0%b8%d0%bb%d0%be%d1%82/photo.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"31.28.44.39"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698122/; classtype:trojan-activity;sid:84561222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698123)"; flow:established,from_client; content:"GET"; http_method; content:"/%d0%9f%d0%b8%d0%bb%d0%be%d1%82/video.lnk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"31.28.44.39"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698123/; classtype:trojan-activity;sid:84561223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698119)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.94.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698119/; classtype:trojan-activity;sid:84561219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698118)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.207.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698118/; classtype:trojan-activity;sid:84561218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698117)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.50.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698117/; classtype:trojan-activity;sid:84561217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698116)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.44.118"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698116/; classtype:trojan-activity;sid:84561216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698115)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.168.41.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698115/; classtype:trojan-activity;sid:84561215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698114)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.59.246.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698114/; classtype:trojan-activity;sid:84561214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698113)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.52.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698113/; classtype:trojan-activity;sid:84561213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698112)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.187.52.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698112/; classtype:trojan-activity;sid:84561212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698111)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.242.57.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698111/; classtype:trojan-activity;sid:84561211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698110)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.179.233.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698110/; classtype:trojan-activity;sid:84561210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698109)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.108.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698109/; classtype:trojan-activity;sid:84561209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698108)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.33.136"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698108/; classtype:trojan-activity;sid:84561208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698107)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.52.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698107/; classtype:trojan-activity;sid:84561207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698105)"; flow:established,from_client; content:"GET"; http_method; content:"/7zb.google|3f|t=9m57w3jb"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"ve1vet0rchid.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698105/; classtype:trojan-activity;sid:84561205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698106)"; flow:established,from_client; content:"GET"; http_method; content:"/cwcuvpmjkt.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"e3k9.brassufer.online"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698106/; classtype:trojan-activity;sid:84561206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698103)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.244.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698103/; classtype:trojan-activity;sid:84561203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698104)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.212.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698104/; classtype:trojan-activity;sid:84561204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698102)"; flow:established,from_client; content:"GET"; http_method; content:"/v2.google|3f|t=us99f51r"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"et.ve1vet0rchid.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698102/; classtype:trojan-activity;sid:84561202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698101)"; flow:established,from_client; content:"GET"; http_method; content:"/bb8ebtqh1s.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"w7d.brassufer.online"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698101/; classtype:trojan-activity;sid:84561201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698100)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.134.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698100/; classtype:trojan-activity;sid:84561200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698099)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.103.84.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698099/; classtype:trojan-activity;sid:84561199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698098)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8072548658/utls1ti.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698098/; classtype:trojan-activity;sid:84561198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698097)"; flow:established,from_client; content:"GET"; http_method; content:"/x9ow98gpvq.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"copperwerft.online"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698097/; classtype:trojan-activity;sid:84561197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698096)"; flow:established,from_client; content:"GET"; http_method; content:"/6crhb1mu1p.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"w7d.brassufer.online"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698096/; classtype:trojan-activity;sid:84561196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698095)"; flow:established,from_client; content:"GET"; http_method; content:"/gj87txty"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bw9.ve1vet0rchid.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698095/; classtype:trojan-activity;sid:84561195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698094)"; flow:established,from_client; content:"GET"; http_method; content:"/xp.google|3f|t=5lsd2kzz"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"bw9.ve1vet0rchid.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698094/; classtype:trojan-activity;sid:84561194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698093)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.134.163.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698093/; classtype:trojan-activity;sid:84561193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698092)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.188.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698092/; classtype:trojan-activity;sid:84561192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698091)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.168.41.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698091/; classtype:trojan-activity;sid:84561191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698090)"; flow:established,from_client; content:"GET"; http_method; content:"/ec9q27pkpu.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c1t7.ironbucht.online"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698090/; classtype:trojan-activity;sid:84561190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698089)"; flow:established,from_client; content:"GET"; http_method; content:"/xvt.check|3f|t=vqr0inph"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"maplexenon.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698089/; classtype:trojan-activity;sid:84561189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698087)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.74.82.187"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698087/; classtype:trojan-activity;sid:84561187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698088)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.61.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698088/; classtype:trojan-activity;sid:84561188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698086)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"170.84.134.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698086/; classtype:trojan-activity;sid:84561186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698085)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.136.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698085/; classtype:trojan-activity;sid:84561185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698084)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.103.84.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698084/; classtype:trojan-activity;sid:84561184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698083)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.134.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698083/; classtype:trojan-activity;sid:84561183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698082)"; flow:established,from_client; content:"GET"; http_method; content:"/e9jom3dw9n.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"x9l2.ironbucht.online"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698082/; classtype:trojan-activity;sid:84561182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698081)"; flow:established,from_client; content:"GET"; http_method; content:"/nq.google|3f|t=nrlzem40"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"g74n.maplexenon.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698081/; classtype:trojan-activity;sid:84561181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698080)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.141.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698080/; classtype:trojan-activity;sid:84561180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698079)"; flow:established,from_client; content:"GET"; http_method; content:"/doc.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"31.57.219.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698079/; classtype:trojan-activity;sid:84561179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698078)"; flow:established,from_client; content:"GET"; http_method; content:"/20250309/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698078/; classtype:trojan-activity;sid:84561178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698077)"; flow:established,from_client; content:"GET"; http_method; content:"/20140730/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698077/; classtype:trojan-activity;sid:84561177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698075)"; flow:established,from_client; content:"GET"; http_method; content:"/meu/new_ibo_app.apk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ptiptv.xyz"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698075/; classtype:trojan-activity;sid:84561175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698076)"; flow:established,from_client; content:"GET"; http_method; content:"/fishscanner.apk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"fishspike.pro"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698076/; classtype:trojan-activity;sid:84561176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698073)"; flow:established,from_client; content:"GET"; http_method; content:"/seuapp/ibo-09-temas-rev.apk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"brplay.store"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698073/; classtype:trojan-activity;sid:84561173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698074)"; flow:established,from_client; content:"GET"; http_method; content:"/aplikasi/agent188.apk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"agent188core.org"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698074/; classtype:trojan-activity;sid:84561174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698072)"; flow:established,from_client; content:"GET"; http_method; content:"/aplikasi/agent188.apk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"agent188strong.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698072/; classtype:trojan-activity;sid:84561172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698067)"; flow:established,from_client; content:"GET"; http_method; content:"/20230517/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698067/; classtype:trojan-activity;sid:84561167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698068)"; flow:established,from_client; content:"GET"; http_method; content:"/aplikasi/agent188.apk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"agent188super.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698068/; classtype:trojan-activity;sid:84561168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698069)"; flow:established,from_client; content:"GET"; http_method; content:"/ativos/app.apk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"eurogoles.site"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698069/; classtype:trojan-activity;sid:84561169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698070)"; flow:established,from_client; content:"GET"; http_method; content:"/20250210/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698070/; classtype:trojan-activity;sid:84561170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698071)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/united/united.apk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"hdteam.org"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698071/; classtype:trojan-activity;sid:84561171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698066)"; flow:established,from_client; content:"GET"; http_method; content:"/images/turna%20battle.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"turnabattle.fun"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698066/; classtype:trojan-activity;sid:84561166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698064)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad/119%e9%a9%ac%e9%9b%af%e5%a9%b7-%e6%97%a0/video.scr"; http_uri; depth:178; isdataat:!1,relative; nocase; content:"58.22.95.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698064/; classtype:trojan-activity;sid:84561164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698065)"; flow:established,from_client; content:"GET"; http_method; content:"/cinemafree.apk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"domenuss.store"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698065/; classtype:trojan-activity;sid:84561165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698061)"; flow:established,from_client; content:"GET"; http_method; content:"/apps/boboslot_1.0.0.apk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"boboslotl.cfd"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698061/; classtype:trojan-activity;sid:84561161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698062)"; flow:established,from_client; content:"GET"; http_method; content:"/20250210/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698062/; classtype:trojan-activity;sid:84561162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698063)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.162.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698063/; classtype:trojan-activity;sid:84561163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698060)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/angkanet.apk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"angka5.org"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698060/; classtype:trojan-activity;sid:84561160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698059)"; flow:established,from_client; content:"GET"; http_method; content:"/20140730/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698059/; classtype:trojan-activity;sid:84561159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698056)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698056/; classtype:trojan-activity;sid:84561156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698057)"; flow:established,from_client; content:"GET"; http_method; content:"/20250309/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698057/; classtype:trojan-activity;sid:84561157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698058)"; flow:established,from_client; content:"GET"; http_method; content:"/20240113/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698058/; classtype:trojan-activity;sid:84561158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698053)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad/video.scr"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"58.22.95.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698053/; classtype:trojan-activity;sid:84561153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698054)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/%e7%85%a7%e6%98%8e%e4%ba%8c%e7%8f%ad/av.scr"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"58.22.95.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698054/; classtype:trojan-activity;sid:84561154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698055)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad/128%e7%86%8a%e7%be%8e%e8%8c%b9-%e6%97%a0/video.scr"; http_uri; depth:178; isdataat:!1,relative; nocase; content:"58.22.95.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698055/; classtype:trojan-activity;sid:84561155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698049)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad/av.scr"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"58.22.95.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698049/; classtype:trojan-activity;sid:84561149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698050)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/%e7%85%a7%e6%98%8e%e4%ba%8c%e7%8f%ad/video.scr"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"58.22.95.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698050/; classtype:trojan-activity;sid:84561150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698051)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad/119%e9%a9%ac%e9%9b%af%e5%a9%b7-%e6%97%a0/av.scr"; http_uri; depth:175; isdataat:!1,relative; nocase; content:"58.22.95.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698051/; classtype:trojan-activity;sid:84561151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698052)"; flow:established,from_client; content:"GET"; http_method; content:"/20240103%e8%8b%b1%e8%af%ad%e5%90%ac%e8%af%b4%e6%9c%9f%e6%9c%ab%e5%bd%95%e9%9f%b3/%e5%bd%b1%e8%a7%86%e6%8a%80%e6%9c%af%e7%8f%ad/128%e7%86%8a%e7%be%8e%e8%8c%b9-%e6%97%a0/av.scr"; http_uri; depth:175; isdataat:!1,relative; nocase; content:"58.22.95.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698052/; classtype:trojan-activity;sid:84561152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698048)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.194.35.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698048/; classtype:trojan-activity;sid:84561148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698047)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.61.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698047/; classtype:trojan-activity;sid:84561147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698046)"; flow:established,from_client; content:"GET"; http_method; content:"/ip12u6i7d0.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"x9l2.ironbucht.online"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698046/; classtype:trojan-activity;sid:84561146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698045)"; flow:established,from_client; content:"GET"; http_method; content:"/t77.check|3f|t=148h96kj"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"kmg.maplexenon.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698045/; classtype:trojan-activity;sid:84561145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698044)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.82.187"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698044/; classtype:trojan-activity;sid:84561144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698043)"; flow:established,from_client; content:"GET"; http_method; content:"/tf.google|3f|t=71w8dx4g"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"1hx8.maplexenon.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698043/; classtype:trojan-activity;sid:84561143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698042)"; flow:established,from_client; content:"GET"; http_method; content:"/0xjpyl5ktr.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"f5q.ironbucht.online"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698042/; classtype:trojan-activity;sid:84561142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698041)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.154.80.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698041/; classtype:trojan-activity;sid:84561141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698040)"; flow:established,from_client; content:"GET"; http_method; content:"/jm.check|3f|t=hhyyb7mz"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"sz.maplexenon.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698040/; classtype:trojan-activity;sid:84561140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698039)"; flow:established,from_client; content:"GET"; http_method; content:"/b0nj8xgyql.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"f5q.ironbucht.online"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698039/; classtype:trojan-activity;sid:84561139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698038)"; flow:established,from_client; content:"GET"; http_method; content:"/wb.check|3f|t=nyt1mdnw"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"xt83.maplexenon.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698038/; classtype:trojan-activity;sid:84561138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698037)"; flow:established,from_client; content:"GET"; http_method; content:"/mo6pg58jnk.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"d7w2.zephyrsteg.online"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698037/; classtype:trojan-activity;sid:84561137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698036)"; flow:established,from_client; content:"GET"; http_method; content:"/files/unique1/random.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698036/; classtype:trojan-activity;sid:84561136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698035)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.154.80.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698035/; classtype:trojan-activity;sid:84561135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698034)"; flow:established,from_client; content:"GET"; http_method; content:"/06ag7gycui.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"d7w2.zephyrsteg.online"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698034/; classtype:trojan-activity;sid:84561134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698033)"; flow:established,from_client; content:"GET"; http_method; content:"/yeacfxl3"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5m.maplexenon.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698033/; classtype:trojan-activity;sid:84561133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698032)"; flow:established,from_client; content:"GET"; http_method; content:"/llsymdvdc9.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"j4va.frosthain.online"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698032/; classtype:trojan-activity;sid:84561132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698031)"; flow:established,from_client; content:"GET"; http_method; content:"/um.google|3f|t=rrf377v4"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"5m.maplexenon.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698031/; classtype:trojan-activity;sid:84561131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698030)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.0.223"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698030/; classtype:trojan-activity;sid:84561130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698029)"; flow:established,from_client; content:"GET"; http_method; content:"/bckomavjxl.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"s0r.zephyrsteg.online"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698029/; classtype:trojan-activity;sid:84561129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698028)"; flow:established,from_client; content:"GET"; http_method; content:"/um.google|3f|t=9dmg8i96"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"5m.maplexenon.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698028/; classtype:trojan-activity;sid:84561128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698027)"; flow:established,from_client; content:"GET"; http_method; content:"/7z8v5tqy"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5m.maplexenon.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698027/; classtype:trojan-activity;sid:84561127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698026)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.81.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698026/; classtype:trojan-activity;sid:84561126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698025)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"201.182.160.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698025/; classtype:trojan-activity;sid:84561125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698024)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.65.254.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698024/; classtype:trojan-activity;sid:84561124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698023)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.101.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698023/; classtype:trojan-activity;sid:84561123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698022)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.149.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698022/; classtype:trojan-activity;sid:84561122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698021)"; flow:established,from_client; content:"GET"; http_method; content:"/s6.check|3f|t=npuxlp7k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"8w.amberr0cket.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698021/; classtype:trojan-activity;sid:84561121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698020)"; flow:established,from_client; content:"GET"; http_method; content:"/citzn0zvyz.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m3t9.zephyrsteg.online"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698020/; classtype:trojan-activity;sid:84561120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698019)"; flow:established,from_client; content:"GET"; http_method; content:"/es4jeiaq"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"m1r3.amberr0cket.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698019/; classtype:trojan-activity;sid:84561119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698017)"; flow:established,from_client; content:"GET"; http_method; content:"/xut.check|3f|t=regkctkm"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"m1r3.amberr0cket.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698017/; classtype:trojan-activity;sid:84561117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698018)"; flow:established,from_client; content:"GET"; http_method; content:"/qcruln928k.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"xse3.frosthain.online"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698018/; classtype:trojan-activity;sid:84561118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698016)"; flow:established,from_client; content:"GET"; http_method; content:"/6isc77492s.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"kp6.zephyrsteg.online"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698016/; classtype:trojan-activity;sid:84561116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698015)"; flow:established,from_client; content:"GET"; http_method; content:"/xd.check|3f|t=el7dr95m"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"2d63.amberr0cket.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698015/; classtype:trojan-activity;sid:84561115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698014)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.195.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698014/; classtype:trojan-activity;sid:84561114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698013)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.81.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698013/; classtype:trojan-activity;sid:84561113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698012)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.43.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698012/; classtype:trojan-activity;sid:84561112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698011)"; flow:established,from_client; content:"GET"; http_method; content:"/dxzxy8v3gj.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"kp6.zephyrsteg.online"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698011/; classtype:trojan-activity;sid:84561111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698010)"; flow:established,from_client; content:"GET"; http_method; content:"/11.google|3f|t=4kni5ggw"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"oa.amberr0cket.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698010/; classtype:trojan-activity;sid:84561110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698009)"; flow:established,from_client; content:"GET"; http_method; content:"/apps.bin"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"xx8.alphacinder.digital"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698009/; classtype:trojan-activity;sid:84561109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698008)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.120.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698008/; classtype:trojan-activity;sid:84561108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698007)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.232.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698007/; classtype:trojan-activity;sid:84561107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698006)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.239.102.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698006/; classtype:trojan-activity;sid:84561106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698005)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.94.196.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698005/; classtype:trojan-activity;sid:84561105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698004)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.163.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698004/; classtype:trojan-activity;sid:84561104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698003)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.0.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698003/; classtype:trojan-activity;sid:84561103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698002)"; flow:established,from_client; content:"GET"; http_method; content:"/5kr82br9ux.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v4n1.zephyrsteg.online"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698002/; classtype:trojan-activity;sid:84561102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698001)"; flow:established,from_client; content:"GET"; http_method; content:"/7nq.check|3f|t=yj99qpax"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"f8s.amberr0cket.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698001/; classtype:trojan-activity;sid:84561101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698000)"; flow:established,from_client; content:"GET"; http_method; content:"/62lf02rwk9.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"m7rd.frosthain.online"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698000/; classtype:trojan-activity;sid:84561100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697999)"; flow:established,from_client; content:"GET"; http_method; content:"/lw0s5h3y"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"f8s.amberr0cket.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697999/; classtype:trojan-activity;sid:84561099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697998)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.150.93.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697998/; classtype:trojan-activity;sid:84561098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697997)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.123.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697997/; classtype:trojan-activity;sid:84561097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697996)"; flow:established,from_client; content:"GET"; http_method; content:"/zflk1muw1f.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"y8c.zephyrsteg.online"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697996/; classtype:trojan-activity;sid:84561096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697995)"; flow:established,from_client; content:"GET"; http_method; content:"/3b.google|3f|t=pwrzr6f6"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"u3k.amberr0cket.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697995/; classtype:trojan-activity;sid:84561095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697994)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.228.107.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697994/; classtype:trojan-activity;sid:84561094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697993)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.195.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697993/; classtype:trojan-activity;sid:84561093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697992)"; flow:established,from_client; content:"GET"; http_method; content:"/s665d6ziul.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"a9x.frosthain.online"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697992/; classtype:trojan-activity;sid:84561092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697991)"; flow:established,from_client; content:"GET"; http_method; content:"/q2bi0emx"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"u3k.amberr0cket.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697991/; classtype:trojan-activity;sid:84561091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697990)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.187.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697990/; classtype:trojan-activity;sid:84561090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697989)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.102.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697989/; classtype:trojan-activity;sid:84561089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697987)"; flow:established,from_client; content:"GET"; http_method; content:"/zq.google|3f|t=mszzbx9l"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"zm4.amberr0cket.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697987/; classtype:trojan-activity;sid:84561087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697988)"; flow:established,from_client; content:"GET"; http_method; content:"/y6r5y1afio.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"h0f8.solarfracht.online"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697988/; classtype:trojan-activity;sid:84561088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697986)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.94.196.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697986/; classtype:trojan-activity;sid:84561086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697984)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.232.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697984/; classtype:trojan-activity;sid:84561084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697985)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.116.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697985/; classtype:trojan-activity;sid:84561085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697983)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.107.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697983/; classtype:trojan-activity;sid:84561083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697982)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.123.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697982/; classtype:trojan-activity;sid:84561082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697980)"; flow:established,from_client; content:"GET"; http_method; content:"/dvzbccietd.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r2l.solarfracht.online"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697980/; classtype:trojan-activity;sid:84561080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697981)"; flow:established,from_client; content:"GET"; http_method; content:"/9ti.check|3f|t=mftl1raw"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"yzc.amberr0cket.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697981/; classtype:trojan-activity;sid:84561081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697979)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.17.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697979/; classtype:trojan-activity;sid:84561079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697977)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.224.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697977/; classtype:trojan-activity;sid:84561077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697978)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.116.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697978/; classtype:trojan-activity;sid:84561078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697975)"; flow:established,from_client; content:"GET"; http_method; content:"/0o.google|3f|t=nttnubbb"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"2n.dr1ftpanda.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697975/; classtype:trojan-activity;sid:84561075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697976)"; flow:established,from_client; content:"GET"; http_method; content:"/3wt6ak75jh.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"b1x3.solarfracht.online"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697976/; classtype:trojan-activity;sid:84561076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697974)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.134.174.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697974/; classtype:trojan-activity;sid:84561074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697972)"; flow:established,from_client; content:"GET"; http_method; content:"/5fy.check|3f|t=vp18lxl6"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"u3zc.dr1ftpanda.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697972/; classtype:trojan-activity;sid:84561072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697973)"; flow:established,from_client; content:"GET"; http_method; content:"/ox6zcomtyx.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qk7.solarfracht.online"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697973/; classtype:trojan-activity;sid:84561073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697971)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.214.144.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697971/; classtype:trojan-activity;sid:84561071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697970)"; flow:established,from_client; content:"GET"; http_method; content:"/f128pz6jbw.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"qk7.solarfracht.online"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697970/; classtype:trojan-activity;sid:84561070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697969)"; flow:established,from_client; content:"GET"; http_method; content:"/h6.google|3f|t=6h6mzijz"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"we.dr1ftpanda.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697969/; classtype:trojan-activity;sid:84561069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697968)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.187.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697968/; classtype:trojan-activity;sid:84561068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697967)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.115.192.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697967/; classtype:trojan-activity;sid:84561067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697966)"; flow:established,from_client; content:"GET"; http_method; content:"/e80qblgulc.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"y6kb.l3rc-0.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697966/; classtype:trojan-activity;sid:84561066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697965)"; flow:established,from_client; content:"GET"; http_method; content:"/35mtw433"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"we.dr1ftpanda.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697965/; classtype:trojan-activity;sid:84561065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697964)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.62.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697964/; classtype:trojan-activity;sid:84561064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697962)"; flow:established,from_client; content:"GET"; http_method; content:"/sc6.google|3f|t=24qz839z"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"hbo8.dr1ftpanda.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697962/; classtype:trojan-activity;sid:84561062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697963)"; flow:established,from_client; content:"GET"; http_method; content:"/sxo5cjxuro.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t9m2.solarfracht.online"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697963/; classtype:trojan-activity;sid:84561063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697961)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5638395652/jfp2zjq.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697961/; classtype:trojan-activity;sid:84561061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697957)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.46.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697957/; classtype:trojan-activity;sid:84561057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697958)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.122.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697958/; classtype:trojan-activity;sid:84561058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697959)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.123.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697959/; classtype:trojan-activity;sid:84561059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697960)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.76.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697960/; classtype:trojan-activity;sid:84561060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697952)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.230.141.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697952/; classtype:trojan-activity;sid:84561052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697953)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.224.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697953/; classtype:trojan-activity;sid:84561053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697954)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.190.1.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697954/; classtype:trojan-activity;sid:84561054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697955)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697955/; classtype:trojan-activity;sid:84561055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697956)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.139.171.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697956/; classtype:trojan-activity;sid:84561056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697951)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.42.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697951/; classtype:trojan-activity;sid:84561051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697950)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.253.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697950/; classtype:trojan-activity;sid:84561050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697949)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.66.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697949/; classtype:trojan-activity;sid:84561049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697948)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.100.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697948/; classtype:trojan-activity;sid:84561048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697947)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.44.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697947/; classtype:trojan-activity;sid:84561047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697946)"; flow:established,from_client; content:"GET"; http_method; content:"/tk61jrv31g.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"g4v.solarfracht.online"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697946/; classtype:trojan-activity;sid:84561046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697945)"; flow:established,from_client; content:"GET"; http_method; content:"/w5u.google|3f|t=dit6qxfs"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"vo5.dr1ftpanda.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697945/; classtype:trojan-activity;sid:84561045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697944)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697944/; classtype:trojan-activity;sid:84561044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697941)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697941/; classtype:trojan-activity;sid:84561041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697942)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697942/; classtype:trojan-activity;sid:84561042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697943)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mips"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697943/; classtype:trojan-activity;sid:84561043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697940)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.ppc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697940/; classtype:trojan-activity;sid:84561040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697939)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.146.92.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697939/; classtype:trojan-activity;sid:84561039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697938)"; flow:established,from_client; content:"GET"; http_method; content:"/8jxy11r5gg.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"p3wz1.l3rc-0.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697938/; classtype:trojan-activity;sid:84561038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697937)"; flow:established,from_client; content:"GET"; http_method; content:"/rm59mst3"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"sj.dr1ftpanda.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697937/; classtype:trojan-activity;sid:84561037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697936)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.47.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697936/; classtype:trojan-activity;sid:84561036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697935)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.115.192.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697935/; classtype:trojan-activity;sid:84561035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697934)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.235.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697934/; classtype:trojan-activity;sid:84561034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697933)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i468"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697933/; classtype:trojan-activity;sid:84561033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697932)"; flow:established,from_client; content:"GET"; http_method; content:"/t6zimgt461.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"7.kzg-w-4-y.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697932/; classtype:trojan-activity;sid:84561032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697931)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.5.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697931/; classtype:trojan-activity;sid:84561031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697930)"; flow:established,from_client; content:"GET"; http_method; content:"/ura.check|3f|t=sbqm5pj2"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"sj.dr1ftpanda.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697930/; classtype:trojan-activity;sid:84561030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697929)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.66.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697929/; classtype:trojan-activity;sid:84561029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697928)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.51.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697928/; classtype:trojan-activity;sid:84561028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697927)"; flow:established,from_client; content:"GET"; http_method; content:"/oct27mainrq.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"scientists-protection-tiny-musician.trycloudflare.com"; http_host; depth:53; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697927/; classtype:trojan-activity;sid:84561027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697926)"; flow:established,from_client; content:"GET"; http_method; content:"/sep01x86_ayoo.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"scientists-protection-tiny-musician.trycloudflare.com"; http_host; depth:53; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697926/; classtype:trojan-activity;sid:84561026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697925)"; flow:established,from_client; content:"GET"; http_method; content:"/oct27starqq.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"scientists-protection-tiny-musician.trycloudflare.com"; http_host; depth:53; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697925/; classtype:trojan-activity;sid:84561025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697924)"; flow:established,from_client; content:"GET"; http_method; content:"/oct27sfsa.bat"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"scientists-protection-tiny-musician.trycloudflare.com"; http_host; depth:53; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697924/; classtype:trojan-activity;sid:84561024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697923)"; flow:established,from_client; content:"GET"; http_method; content:"/apps.bin"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"alpina.alphacinder.digital"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697923/; classtype:trojan-activity;sid:84561023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697922)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.253.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697922/; classtype:trojan-activity;sid:84561022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697921)"; flow:established,from_client; content:"GET"; http_method; content:"/zue6w6a18g.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c2.kzg-w-4-y.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697921/; classtype:trojan-activity;sid:84561021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697920)"; flow:established,from_client; content:"GET"; http_method; content:"/rp2.google|3f|t=m2osw2qr"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"g5.tundrasable.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697920/; classtype:trojan-activity;sid:84561020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697919)"; flow:established,from_client; content:"GET"; http_method; content:"/jp79bmrd"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"g5.tundrasable.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697919/; classtype:trojan-activity;sid:84561019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697918)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.42.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697918/; classtype:trojan-activity;sid:84561018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697917)"; flow:established,from_client; content:"GET"; http_method; content:"/7t3rarzip8.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"a9hm.l3rc-0.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697917/; classtype:trojan-activity;sid:84561017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697916)"; flow:established,from_client; content:"GET"; http_method; content:"/177/fjhjhsdfixcvsihfisidfwfbnnfsdhfjhicxcxhvifhsidfihdfihsdifisfisidfisficx.hta"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"23.95.243.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697916/; classtype:trojan-activity;sid:84561016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697915)"; flow:established,from_client; content:"GET"; http_method; content:"/xa0.check|3f|t=q3tu98oq"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"e5.tundrasable.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697915/; classtype:trojan-activity;sid:84561015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697914)"; flow:established,from_client; content:"GET"; http_method; content:"/s3bavcir0a.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c2.kzg-w-4-y.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697914/; classtype:trojan-activity;sid:84561014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697913)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.65.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697913/; classtype:trojan-activity;sid:84561013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697912)"; flow:established,from_client; content:"GET"; http_method; content:"/pjj0hd1eiz.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"v4q7p.l3rc-0.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697912/; classtype:trojan-activity;sid:84561012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697911)"; flow:established,from_client; content:"GET"; http_method; content:"/cetimurt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"e5.tundrasable.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697911/; classtype:trojan-activity;sid:84561011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697910)"; flow:established,from_client; content:"GET"; http_method; content:"/zddtxxyxb.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"101.35.56.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697910/; classtype:trojan-activity;sid:84561010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697909)"; flow:established,from_client; content:"GET"; http_method; content:"/i24.bin"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"101.35.56.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697909/; classtype:trojan-activity;sid:84561009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697908)"; flow:established,from_client; content:"GET"; http_method; content:"/husk.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"101.35.56.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697908/; classtype:trojan-activity;sid:84561008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697907)"; flow:established,from_client; content:"GET"; http_method; content:"/eznoted2b1405e.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"101.35.56.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697907/; classtype:trojan-activity;sid:84561007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697906)"; flow:established,from_client; content:"GET"; http_method; content:"/without_hook.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"101.35.56.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697906/; classtype:trojan-activity;sid:84561006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697904)"; flow:established,from_client; content:"GET"; http_method; content:"/0.ps1"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.205.191.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697904/; classtype:trojan-activity;sid:84561004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697905)"; flow:established,from_client; content:"GET"; http_method; content:"/xwormclient.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"integraciya.keenetic.pro"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697905/; classtype:trojan-activity;sid:84561005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697903)"; flow:established,from_client; content:"GET"; http_method; content:"/shell.zip"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"51.77.20.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697903/; classtype:trojan-activity;sid:84561003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697898)"; flow:established,from_client; content:"GET"; http_method; content:"/qax.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"43.139.226.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697898/; classtype:trojan-activity;sid:84560998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697899)"; flow:established,from_client; content:"GET"; http_method; content:"/rabert.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"194.180.49.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697899/; classtype:trojan-activity;sid:84560999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697900)"; flow:established,from_client; content:"GET"; http_method; content:"/2.msi"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"194.165.17.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697900/; classtype:trojan-activity;sid:84561000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697901)"; flow:established,from_client; content:"GET"; http_method; content:"/without_hook.py"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"101.35.56.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697901/; classtype:trojan-activity;sid:84561001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697902)"; flow:established,from_client; content:"GET"; http_method; content:"/dropper.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"91.215.85.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697902/; classtype:trojan-activity;sid:84561002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697889)"; flow:established,from_client; content:"GET"; http_method; content:"/docx.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"139.199.157.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697889/; classtype:trojan-activity;sid:84560989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697890)"; flow:established,from_client; content:"GET"; http_method; content:"/share.zip.bak2"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"62.234.150.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697890/; classtype:trojan-activity;sid:84560990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697891)"; flow:established,from_client; content:"GET"; http_method; content:"/ftp/docx.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"139.199.157.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697891/; classtype:trojan-activity;sid:84560991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697892)"; flow:established,from_client; content:"GET"; http_method; content:"/uuu.bat"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"194.165.17.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697892/; classtype:trojan-activity;sid:84560992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697893)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"integraciya.keenetic.pro"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697893/; classtype:trojan-activity;sid:84560993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697894)"; flow:established,from_client; content:"GET"; http_method; content:"/0.ps1"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"integraciya.keenetic.pro"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697894/; classtype:trojan-activity;sid:84560994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697895)"; flow:established,from_client; content:"GET"; http_method; content:"/1.ps1"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"integraciya.keenetic.pro"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697895/; classtype:trojan-activity;sid:84560995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697896)"; flow:established,from_client; content:"GET"; http_method; content:"/shellcode.bin"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"139.199.157.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697896/; classtype:trojan-activity;sid:84560996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697897)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"91.205.191.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697897/; classtype:trojan-activity;sid:84560997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697879)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.141.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697879/; classtype:trojan-activity;sid:84560979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697880)"; flow:established,from_client; content:"GET"; http_method; content:"/xd.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.205.191.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697880/; classtype:trojan-activity;sid:84560980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697881)"; flow:established,from_client; content:"GET"; http_method; content:"/window.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"139.199.157.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697881/; classtype:trojan-activity;sid:84560981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697882)"; flow:established,from_client; content:"GET"; http_method; content:"/windows.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"139.199.157.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697882/; classtype:trojan-activity;sid:84560982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697883)"; flow:established,from_client; content:"GET"; http_method; content:"/shellcode/shellcode.bin"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"139.199.157.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697883/; classtype:trojan-activity;sid:84560983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697884)"; flow:established,from_client; content:"GET"; http_method; content:"/meitu.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"139.199.157.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697884/; classtype:trojan-activity;sid:84560984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697885)"; flow:established,from_client; content:"GET"; http_method; content:"/xd.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"integraciya.keenetic.pro"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697885/; classtype:trojan-activity;sid:84560985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697886)"; flow:established,from_client; content:"GET"; http_method; content:"/xwormclient.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"91.205.191.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697886/; classtype:trojan-activity;sid:84560986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697887)"; flow:established,from_client; content:"GET"; http_method; content:"/2.ps1"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"integraciya.keenetic.pro"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697887/; classtype:trojan-activity;sid:84560987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697888)"; flow:established,from_client; content:"GET"; http_method; content:"/share.zip"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"62.234.150.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697888/; classtype:trojan-activity;sid:84560988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697871)"; flow:established,from_client; content:"GET"; http_method; content:"/vip.py"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.35.56.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697871/; classtype:trojan-activity;sid:84560971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697872)"; flow:established,from_client; content:"GET"; http_method; content:"/2.bat"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"62.234.150.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697872/; classtype:trojan-activity;sid:84560972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697873)"; flow:established,from_client; content:"GET"; http_method; content:"/1.apk"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"62.234.150.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697873/; classtype:trojan-activity;sid:84560973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697874)"; flow:established,from_client; content:"GET"; http_method; content:"/zddtxxyxb.py"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"101.35.56.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697874/; classtype:trojan-activity;sid:84560974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697875)"; flow:established,from_client; content:"GET"; http_method; content:"/2222.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91.205.191.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697875/; classtype:trojan-activity;sid:84560975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697876)"; flow:established,from_client; content:"GET"; http_method; content:"/2.ps1"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.205.191.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697876/; classtype:trojan-activity;sid:84560976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697877)"; flow:established,from_client; content:"GET"; http_method; content:"/2222.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"integraciya.keenetic.pro"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697877/; classtype:trojan-activity;sid:84560977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697878)"; flow:established,from_client; content:"GET"; http_method; content:"/1.ps1"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.205.191.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697878/; classtype:trojan-activity;sid:84560978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697870)"; flow:established,from_client; content:"GET"; http_method; content:"/husk.py"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"101.35.56.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697870/; classtype:trojan-activity;sid:84560970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697868)"; flow:established,from_client; content:"GET"; http_method; content:"/test.ps1"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"62.234.150.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697868/; classtype:trojan-activity;sid:84560968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697869)"; flow:established,from_client; content:"GET"; http_method; content:"/mysqla.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"137.220.176.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697869/; classtype:trojan-activity;sid:84560969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697866)"; flow:established,from_client; content:"GET"; http_method; content:"/eznote.py"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"101.35.56.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697866/; classtype:trojan-activity;sid:84560966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697867)"; flow:established,from_client; content:"GET"; http_method; content:"/putong.py"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"101.35.56.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697867/; classtype:trojan-activity;sid:84560967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697865)"; flow:established,from_client; content:"GET"; http_method; content:"/simple-backdoor.php"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"51.77.20.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697865/; classtype:trojan-activity;sid:84560965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697863)"; flow:established,from_client; content:"GET"; http_method; content:"/exec.php"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"51.77.20.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697863/; classtype:trojan-activity;sid:84560963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697864)"; flow:established,from_client; content:"GET"; http_method; content:"/shell.php"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"51.77.20.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697864/; classtype:trojan-activity;sid:84560964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697862)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.84.141.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697862/; classtype:trojan-activity;sid:84560962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697861)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.223.243.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697861/; classtype:trojan-activity;sid:84560961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697859)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.151.162.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697859/; classtype:trojan-activity;sid:84560959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697860)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"201.223.243.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697860/; classtype:trojan-activity;sid:84560960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697858)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.151.162.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697858/; classtype:trojan-activity;sid:84560958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697856)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"189.177.10.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697856/; classtype:trojan-activity;sid:84560956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697857)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"189.177.10.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697857/; classtype:trojan-activity;sid:84560957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697855)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.209.139.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697855/; classtype:trojan-activity;sid:84560955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697852)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"187.209.139.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697852/; classtype:trojan-activity;sid:84560952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697853)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.85.79.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697853/; classtype:trojan-activity;sid:84560953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697854)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.84.127.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697854/; classtype:trojan-activity;sid:84560954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697851)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"27.152.72.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697851/; classtype:trojan-activity;sid:84560951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697850)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"27.151.162.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697850/; classtype:trojan-activity;sid:84560950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697848)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.84.171.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697848/; classtype:trojan-activity;sid:84560948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697849)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.152.72.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697849/; classtype:trojan-activity;sid:84560949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697846)"; flow:established,from_client; content:"GET"; http_method; content:"/bound_app.apk"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"37.27.17.205"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697846/; classtype:trojan-activity;sid:84560946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697847)"; flow:established,from_client; content:"GET"; http_method; content:"/chevapchichi.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"199.217.98.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697847/; classtype:trojan-activity;sid:84560947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697844)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"61.160.215.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697844/; classtype:trojan-activity;sid:84560944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697845)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"189.177.10.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697845/; classtype:trojan-activity;sid:84560945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697843)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.54.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697843/; classtype:trojan-activity;sid:84560943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697837)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.85.211.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697837/; classtype:trojan-activity;sid:84560937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697838)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"201.223.243.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697838/; classtype:trojan-activity;sid:84560938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697839)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.152.72.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697839/; classtype:trojan-activity;sid:84560939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697840)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.85.148.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697840/; classtype:trojan-activity;sid:84560940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697841)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.152.72.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697841/; classtype:trojan-activity;sid:84560941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697842)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.152.72.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697842/; classtype:trojan-activity;sid:84560942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697835)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"220.77.244.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697835/; classtype:trojan-activity;sid:84560935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697836)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.82.77.91"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697836/; classtype:trojan-activity;sid:84560936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697834)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"218.158.139.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697834/; classtype:trojan-activity;sid:84560934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697830)"; flow:established,from_client; content:"GET"; http_method; content:"/sbi.apk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"37.27.17.205"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697830/; classtype:trojan-activity;sid:84560930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697831)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"189.177.10.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697831/; classtype:trojan-activity;sid:84560931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697832)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"187.209.139.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697832/; classtype:trojan-activity;sid:84560932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697833)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"201.223.243.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697833/; classtype:trojan-activity;sid:84560933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697829)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.80.195.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697829/; classtype:trojan-activity;sid:84560929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697828)"; flow:established,from_client; content:"GET"; http_method; content:"/mysqla.bin"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"137.220.176.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697828/; classtype:trojan-activity;sid:84560928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.249.4.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697823/; classtype:trojan-activity;sid:84560923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697824)"; flow:established,from_client; content:"GET"; http_method; content:"/pop/tor.wsf"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"hardware-added-mba-night.trycloudflare.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697824/; classtype:trojan-activity;sid:84560924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697825)"; flow:established,from_client; content:"GET"; http_method; content:"/hero.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"199.217.98.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697825/; classtype:trojan-activity;sid:84560925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697826)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.171.160.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697826/; classtype:trojan-activity;sid:84560926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697827)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.47.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697827/; classtype:trojan-activity;sid:84560927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697821)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.189.141.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697821/; classtype:trojan-activity;sid:84560921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697822)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.178.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697822/; classtype:trojan-activity;sid:84560922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697818)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.160.215.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697818/; classtype:trojan-activity;sid:84560918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697819)"; flow:established,from_client; content:"GET"; http_method; content:"/svekla.vbs"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"199.217.98.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697819/; classtype:trojan-activity;sid:84560919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697820)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.151.162.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697820/; classtype:trojan-activity;sid:84560920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697817)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.151.162.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697817/; classtype:trojan-activity;sid:84560917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697812)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"83.171.160.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697812/; classtype:trojan-activity;sid:84560912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697813)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"61.160.215.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697813/; classtype:trojan-activity;sid:84560913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697814)"; flow:established,from_client; content:"GET"; http_method; content:"/2h.google|3f|t=x6lwhu4j"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"1m.tundrasable.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697814/; classtype:trojan-activity;sid:84560914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697815)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.80.195.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697815/; classtype:trojan-activity;sid:84560915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697816)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.76.156.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697816/; classtype:trojan-activity;sid:84560916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697808)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.223.243.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697808/; classtype:trojan-activity;sid:84560908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697809)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"36.158.34.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697809/; classtype:trojan-activity;sid:84560909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697810)"; flow:established,from_client; content:"GET"; http_method; content:"/calculator.apk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"37.27.17.205"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697810/; classtype:trojan-activity;sid:84560910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697811)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.171.160.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697811/; classtype:trojan-activity;sid:84560911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697800)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"83.171.160.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697800/; classtype:trojan-activity;sid:84560900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697801)"; flow:established,from_client; content:"GET"; http_method; content:"/update.apk"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"37.27.17.205"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697801/; classtype:trojan-activity;sid:84560901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697802)"; flow:established,from_client; content:"GET"; http_method; content:"/mk7z9jhkgu.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"la.kzg-w-4-y.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697802/; classtype:trojan-activity;sid:84560902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697803)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.209.139.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697803/; classtype:trojan-activity;sid:84560903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697804)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"189.177.10.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697804/; classtype:trojan-activity;sid:84560904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697805)"; flow:established,from_client; content:"GET"; http_method; content:"/young.vbs"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"199.217.98.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697805/; classtype:trojan-activity;sid:84560905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697806)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"187.209.139.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697806/; classtype:trojan-activity;sid:84560906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697807)"; flow:established,from_client; content:"GET"; http_method; content:"/demodata.apk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"37.27.17.205"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697807/; classtype:trojan-activity;sid:84560907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697799)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.114.75.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697799/; classtype:trojan-activity;sid:84560899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697794)"; flow:established,from_client; content:"GET"; http_method; content:"/attackshark/g3pro/g3prosoftware.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"support.attackshark.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697794/; classtype:trojan-activity;sid:84560894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697793)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.92.50.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697793/; classtype:trojan-activity;sid:84560893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697792)"; flow:established,from_client; content:"GET"; http_method; content:"/invade/remote/metasploit/windows/crack.rar"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"115.227.166.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697792/; classtype:trojan-activity;sid:84560892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697791)"; flow:established,from_client; content:"GET"; http_method; content:"/tran.dsp"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.jozefinskiatelje.si"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697791/; classtype:trojan-activity;sid:84560891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697790)"; flow:established,from_client; content:"GET"; http_method; content:"/d/server.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"wafflemafia.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697790/; classtype:trojan-activity;sid:84560890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697787)"; flow:established,from_client; content:"GET"; http_method; content:"/documents/fat_10_2025_873412345.pdf.lnk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"hardware-added-mba-night.trycloudflare.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697787/; classtype:trojan-activity;sid:84560887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697788)"; flow:established,from_client; content:"GET"; http_method; content:"/d/server.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.208.159.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697788/; classtype:trojan-activity;sid:84560888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697789)"; flow:established,from_client; content:"GET"; http_method; content:"/aibkp63.bin"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.jozefinskiatelje.si"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697789/; classtype:trojan-activity;sid:84560889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697786)"; flow:established,from_client; content:"GET"; http_method; content:"/files/hurted/run.ps1"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697786/; classtype:trojan-activity;sid:84560886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697785)"; flow:established,from_client; content:"GET"; http_method; content:"/apps.bin"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"51201.billingfox.digital"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697785/; classtype:trojan-activity;sid:84560885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697784)"; flow:established,from_client; content:"GET"; http_method; content:"/w1n.check|3f|t=wi1xl5py"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"c8.tundrasable.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697784/; classtype:trojan-activity;sid:84560884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697783)"; flow:established,from_client; content:"GET"; http_method; content:"/4q2gfnsumt.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"la.kzg-w-4-y.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697783/; classtype:trojan-activity;sid:84560883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697782)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.189.141.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697782/; classtype:trojan-activity;sid:84560882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697781)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.65.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697781/; classtype:trojan-activity;sid:84560881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697780)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.13.248.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697780/; classtype:trojan-activity;sid:84560880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697779)"; flow:established,from_client; content:"GET"; http_method; content:"/ya.google|3f|t=pbcbifwj"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"sm.tundrasable.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697779/; classtype:trojan-activity;sid:84560879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697778)"; flow:established,from_client; content:"GET"; http_method; content:"/3g8fl38arf.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"wwe.kzg-w-4-y.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697778/; classtype:trojan-activity;sid:84560878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.193.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697777/; classtype:trojan-activity;sid:84560877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697776)"; flow:established,from_client; content:"GET"; http_method; content:"/apps.bin"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"rome.alphacinder.digital"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697776/; classtype:trojan-activity;sid:84560876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697774)"; flow:established,from_client; content:"GET"; http_method; content:"/az4.google|3f|t=kozy17vj"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"y7.quasarorchid.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697774/; classtype:trojan-activity;sid:84560874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697775)"; flow:established,from_client; content:"GET"; http_method; content:"/9l7fcyr9fj.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"wwe.kzg-w-4-y.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697775/; classtype:trojan-activity;sid:84560875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697773)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"teamc2.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697773/; classtype:trojan-activity;sid:84560873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697772)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"teamc2.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697772/; classtype:trojan-activity;sid:84560872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697769)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.m68k"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"teamc2.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697769/; classtype:trojan-activity;sid:84560869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697770)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.spc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"teamc2.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697770/; classtype:trojan-activity;sid:84560870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697771)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mpsl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"teamc2.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697771/; classtype:trojan-activity;sid:84560871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697767)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.ppc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"teamc2.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697767/; classtype:trojan-activity;sid:84560867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697768)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm5"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"teamc2.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697768/; classtype:trojan-activity;sid:84560868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697764)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mips"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"teamc2.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697764/; classtype:trojan-activity;sid:84560864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697765)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"teamc2.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697765/; classtype:trojan-activity;sid:84560865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697766)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/debug"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"teamc2.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697766/; classtype:trojan-activity;sid:84560866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697762)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"teamc2.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697762/; classtype:trojan-activity;sid:84560862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697763)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"teamc2.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697763/; classtype:trojan-activity;sid:84560863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697758)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i686"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"teamc2.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697758/; classtype:trojan-activity;sid:84560858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697759)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86_64"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"teamc2.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697759/; classtype:trojan-activity;sid:84560859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697760)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.sh4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"teamc2.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697760/; classtype:trojan-activity;sid:84560860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697761)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"teamc2.duckdns.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697761/; classtype:trojan-activity;sid:84560861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697757)"; flow:established,from_client; content:"GET"; http_method; content:"/vvj3mbgkbo.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"c1k.coralglanz.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697757/; classtype:trojan-activity;sid:84560857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697756)"; flow:established,from_client; content:"GET"; http_method; content:"/rf4aykp1"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"y7.quasarorchid.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697756/; classtype:trojan-activity;sid:84560856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697755)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.249.4.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697755/; classtype:trojan-activity;sid:84560855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697754)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697754/; classtype:trojan-activity;sid:84560854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697753)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697753/; classtype:trojan-activity;sid:84560853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697748)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697748/; classtype:trojan-activity;sid:84560848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697749)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697749/; classtype:trojan-activity;sid:84560849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697750)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/arc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697750/; classtype:trojan-activity;sid:84560850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697751)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697751/; classtype:trojan-activity;sid:84560851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697752)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697752/; classtype:trojan-activity;sid:84560852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697741)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697741/; classtype:trojan-activity;sid:84560841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697742)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697742/; classtype:trojan-activity;sid:84560842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697743)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/space.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697743/; classtype:trojan-activity;sid:84560843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697744)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697744/; classtype:trojan-activity;sid:84560844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697745)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/i686"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697745/; classtype:trojan-activity;sid:84560845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697746)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697746/; classtype:trojan-activity;sid:84560846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697747)"; flow:established,from_client; content:"GET"; http_method; content:"/bns/arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697747/; classtype:trojan-activity;sid:84560847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697740)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.146.92.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697740/; classtype:trojan-activity;sid:84560840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697739)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.214.144.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697739/; classtype:trojan-activity;sid:84560839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697738)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.239.197.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697738/; classtype:trojan-activity;sid:84560838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697737)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.160.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697737/; classtype:trojan-activity;sid:84560837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697736)"; flow:established,from_client; content:"GET"; http_method; content:"/tn.check|3f|t=x8w6rosf"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"x4m.quasarorchid.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697736/; classtype:trojan-activity;sid:84560836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697735)"; flow:established,from_client; content:"GET"; http_method; content:"/jhr6hxaq3t.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t6k9.kzg-w-4-y.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697735/; classtype:trojan-activity;sid:84560835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697734)"; flow:established,from_client; content:"GET"; http_method; content:"/equurjk8u2.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"y9p.coralglanz.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697734/; classtype:trojan-activity;sid:84560834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697733)"; flow:established,from_client; content:"GET"; http_method; content:"/t41iy8di"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"x4m.quasarorchid.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697733/; classtype:trojan-activity;sid:84560833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697732)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.193.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697732/; classtype:trojan-activity;sid:84560832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697730)"; flow:established,from_client; content:"GET"; http_method; content:"/0d4.google|3f|t=w4poynrw"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"bz.quasarorchid.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697730/; classtype:trojan-activity;sid:84560830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697731)"; flow:established,from_client; content:"GET"; http_method; content:"/t6o2bwjiu6.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"4p1m.kzg-w-4-y.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697731/; classtype:trojan-activity;sid:84560831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697729)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.203.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697729/; classtype:trojan-activity;sid:84560829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697727)"; flow:established,from_client; content:"GET"; http_method; content:"/g0b1jjj9bl.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"4p1m.kzg-w-4-y.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697727/; classtype:trojan-activity;sid:84560827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697728)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.232.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697728/; classtype:trojan-activity;sid:84560828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697726)"; flow:established,from_client; content:"GET"; http_method; content:"/1kz.check|3f|t=sy6icl95"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"q1.quasarorchid.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697726/; classtype:trojan-activity;sid:84560826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697725)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.15.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697725/; classtype:trojan-activity;sid:84560825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697724)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5917492177/dsal9tv.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697724/; classtype:trojan-activity;sid:84560824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697723)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.188.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697723/; classtype:trojan-activity;sid:84560823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697722)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.86.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697722/; classtype:trojan-activity;sid:84560822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697721)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.176.87.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697721/; classtype:trojan-activity;sid:84560821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697720)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.246.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697720/; classtype:trojan-activity;sid:84560820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697719)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.140.171.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697719/; classtype:trojan-activity;sid:84560819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697718)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.234.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697718/; classtype:trojan-activity;sid:84560818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697717)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.177.196.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697717/; classtype:trojan-activity;sid:84560817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697716)"; flow:established,from_client; content:"GET"; http_method; content:"/yb93csmzps.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"s8rk2.085-x-89-c.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697716/; classtype:trojan-activity;sid:84560816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697715)"; flow:established,from_client; content:"GET"; http_method; content:"/e4.google|3f|t=vefi4rn2"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"p0x.opaldrift.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697715/; classtype:trojan-activity;sid:84560815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697713)"; flow:established,from_client; content:"GET"; http_method; content:"/4cs0fd8o"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"p0x.opaldrift.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697713/; classtype:trojan-activity;sid:84560813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697714)"; flow:established,from_client; content:"GET"; http_method; content:"/o76qycvozu.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"h5.coralglanz.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697714/; classtype:trojan-activity;sid:84560814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697712)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.86.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697712/; classtype:trojan-activity;sid:84560812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697711)"; flow:established,from_client; content:"GET"; http_method; content:"/wve9n1x4t9.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"x0la.085-x-89-c.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697711/; classtype:trojan-activity;sid:84560811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697710)"; flow:established,from_client; content:"GET"; http_method; content:"/d7m.check|3f|t=ar0cepjr"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"oz.opaldrift.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697710/; classtype:trojan-activity;sid:84560810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697709)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.160.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697709/; classtype:trojan-activity;sid:84560809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697708)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.197.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697708/; classtype:trojan-activity;sid:84560808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697707)"; flow:established,from_client; content:"GET"; http_method; content:"/gfw1vlk90s.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"x0la.085-x-89-c.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697707/; classtype:trojan-activity;sid:84560807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697706)"; flow:established,from_client; content:"GET"; http_method; content:"/l2.google|3f|t=38ljmbqk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"v3.opaldrift.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697706/; classtype:trojan-activity;sid:84560806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697705)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.196.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697705/; classtype:trojan-activity;sid:84560805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697704)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.112.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697704/; classtype:trojan-activity;sid:84560804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697703)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.114.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697703/; classtype:trojan-activity;sid:84560803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697702)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.79.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697702/; classtype:trojan-activity;sid:84560802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697701)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.237.96.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697701/; classtype:trojan-activity;sid:84560801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697700)"; flow:established,from_client; content:"GET"; http_method; content:"/9v3lm427"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"so.opaldrift.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697700/; classtype:trojan-activity;sid:84560800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697699)"; flow:established,from_client; content:"GET"; http_method; content:"/ds7371bgbu.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"t2w.coralglanz.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697699/; classtype:trojan-activity;sid:84560799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697698)"; flow:established,from_client; content:"GET"; http_method; content:"/yeqweahi8i.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"q2w5e.085-x-89-c.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697698/; classtype:trojan-activity;sid:84560798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697697)"; flow:established,from_client; content:"GET"; http_method; content:"/w2n.google|3f|t=smpluew7"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"sa3.cedarnova.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697697/; classtype:trojan-activity;sid:84560797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697696)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.56.140.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697696/; classtype:trojan-activity;sid:84560796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697694)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.153.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697694/; classtype:trojan-activity;sid:84560794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697695)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.237.4.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697695/; classtype:trojan-activity;sid:84560795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697693)"; flow:established,from_client; content:"GET"; http_method; content:"/dgn8io2x90.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"a7.prismquelle.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697693/; classtype:trojan-activity;sid:84560793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697692)"; flow:established,from_client; content:"GET"; http_method; content:"/wwa8bov3"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"sa3.cedarnova.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697692/; classtype:trojan-activity;sid:84560792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697691)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.70.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697691/; classtype:trojan-activity;sid:84560791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697690)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.112.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697690/; classtype:trojan-activity;sid:84560790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697689)"; flow:established,from_client; content:"GET"; http_method; content:"/xog8kin5oi.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"a7.prismquelle.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697689/; classtype:trojan-activity;sid:84560789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697688)"; flow:established,from_client; content:"GET"; http_method; content:"/wqeuh0us"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cm.cedarnova.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697688/; classtype:trojan-activity;sid:84560788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697687)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.114.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697687/; classtype:trojan-activity;sid:84560787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697686)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.108.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697686/; classtype:trojan-activity;sid:84560786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697685)"; flow:established,from_client; content:"GET"; http_method; content:"/f91.check|3f|t=b382uuec"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"cm.cedarnova.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697685/; classtype:trojan-activity;sid:84560785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697684)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.165.26.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697684/; classtype:trojan-activity;sid:84560784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697683)"; flow:established,from_client; content:"GET"; http_method; content:"/l4vfyd6ura.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"b3h7.085-x-89-c.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697683/; classtype:trojan-activity;sid:84560783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697682)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.186.208.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697682/; classtype:trojan-activity;sid:84560782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697681)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.230.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697681/; classtype:trojan-activity;sid:84560781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697680)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.140.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697680/; classtype:trojan-activity;sid:84560780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697679)"; flow:established,from_client; content:"GET"; http_method; content:"/3l24rozi56.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"z9tqn.085-x-89-c.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697679/; classtype:trojan-activity;sid:84560779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697678)"; flow:established,from_client; content:"GET"; http_method; content:"/vd1.google|3f|t=ny9jiv3w"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"n7.cedarnova.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697678/; classtype:trojan-activity;sid:84560778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697677)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.3.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697677/; classtype:trojan-activity;sid:84560777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697676)"; flow:established,from_client; content:"GET"; http_method; content:"/r4dtpaq2dr.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"m0x.prismquelle.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697676/; classtype:trojan-activity;sid:84560776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697675)"; flow:established,from_client; content:"GET"; http_method; content:"/oxm0liyc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"t1n.cedarnova.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697675/; classtype:trojan-activity;sid:84560775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697674)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.165.26.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697674/; classtype:trojan-activity;sid:84560774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697673)"; flow:established,from_client; content:"GET"; http_method; content:"/k24.check|3f|t=5l7qsqzr"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"t1n.cedarnova.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697673/; classtype:trojan-activity;sid:84560773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697672)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.59.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697672/; classtype:trojan-activity;sid:84560772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697671)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.239.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697671/; classtype:trojan-activity;sid:84560771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697670)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.186.208.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697670/; classtype:trojan-activity;sid:84560770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697669)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.230.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697669/; classtype:trojan-activity;sid:84560769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697668)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.233.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697668/; classtype:trojan-activity;sid:84560768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697667)"; flow:established,from_client; content:"GET"; http_method; content:"/a4iplrerai.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"d6y1.085-x-89-c.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697667/; classtype:trojan-activity;sid:84560767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697666)"; flow:established,from_client; content:"GET"; http_method; content:"/1c.google|3f|t=hsrqb8vv"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"bqk.aspenatlas.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697666/; classtype:trojan-activity;sid:84560766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697665)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.3.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697665/; classtype:trojan-activity;sid:84560765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697664)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.178.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697664/; classtype:trojan-activity;sid:84560764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697663)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"180.116.57.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697663/; classtype:trojan-activity;sid:84560763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697662)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.144.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697662/; classtype:trojan-activity;sid:84560762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697660)"; flow:established,from_client; content:"GET"; http_method; content:"/ab3.check|3f|t=0ldyjhos"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"x2.aspenatlas.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697660/; classtype:trojan-activity;sid:84560760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697661)"; flow:established,from_client; content:"GET"; http_method; content:"/7xrcv14pyx.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"d6y1.085-x-89-c.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697661/; classtype:trojan-activity;sid:84560761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697659)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.238.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697659/; classtype:trojan-activity;sid:84560759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697658)"; flow:established,from_client; content:"GET"; http_method; content:"/nr1e63lp65.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"z8q.prismquelle.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697658/; classtype:trojan-activity;sid:84560758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697657)"; flow:established,from_client; content:"GET"; http_method; content:"/kgg8g7kz"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"x2.aspenatlas.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697657/; classtype:trojan-activity;sid:84560757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697656)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.239.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697656/; classtype:trojan-activity;sid:84560756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697655)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.200.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697655/; classtype:trojan-activity;sid:84560755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697654)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.137.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697654/; classtype:trojan-activity;sid:84560754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697653)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.152.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697653/; classtype:trojan-activity;sid:84560753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697652)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.56.140.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697652/; classtype:trojan-activity;sid:84560752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697650)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.111.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697650/; classtype:trojan-activity;sid:84560750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697651)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.128.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697651/; classtype:trojan-activity;sid:84560751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697648)"; flow:established,from_client; content:"GET"; http_method; content:"/q3k.check|3f|t=kt4nxnmx"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"m8q.aspenatlas.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697648/; classtype:trojan-activity;sid:84560748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697649)"; flow:established,from_client; content:"GET"; http_method; content:"/u1laxxm1go.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"d7q.a-8-xp.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697649/; classtype:trojan-activity;sid:84560749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697647)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.190.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697647/; classtype:trojan-activity;sid:84560747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697646)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.42.124.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697646/; classtype:trojan-activity;sid:84560746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697645)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.41.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697645/; classtype:trojan-activity;sid:84560745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697644)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.200.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697644/; classtype:trojan-activity;sid:84560744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697643)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.93.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697643/; classtype:trojan-activity;sid:84560743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697641)"; flow:established,from_client; content:"GET"; http_method; content:"/m04.google|3f|t=ldivy0me"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"xk.vortexgipfel.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697641/; classtype:trojan-activity;sid:84560741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697642)"; flow:established,from_client; content:"GET"; http_method; content:"/itp1fxkp5h.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"hpn4.a-8-xp.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697642/; classtype:trojan-activity;sid:84560742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697640)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.181.224.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697640/; classtype:trojan-activity;sid:84560740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697639)"; flow:established,from_client; content:"GET"; http_method; content:"/cfv5ztw5vg.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"k3.prismquelle.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697639/; classtype:trojan-activity;sid:84560739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697638)"; flow:established,from_client; content:"GET"; http_method; content:"/edmy6fji"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"p2.vortexgipfel.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697638/; classtype:trojan-activity;sid:84560738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697637)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.153.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697637/; classtype:trojan-activity;sid:84560737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697636)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.42.124.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697636/; classtype:trojan-activity;sid:84560736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697635)"; flow:established,from_client; content:"GET"; http_method; content:"/g4sxhzya1e.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"k3.prismquelle.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697635/; classtype:trojan-activity;sid:84560735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697634)"; flow:established,from_client; content:"GET"; http_method; content:"/t81gnb12"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"c3r.vortexgipfel.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697634/; classtype:trojan-activity;sid:84560734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697633)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.110.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697633/; classtype:trojan-activity;sid:84560733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697632)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.111.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697632/; classtype:trojan-activity;sid:84560732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697630)"; flow:established,from_client; content:"GET"; http_method; content:"/h7.google|3f|t=jqeorlyi"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"c3r.vortexgipfel.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697630/; classtype:trojan-activity;sid:84560730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697631)"; flow:established,from_client; content:"GET"; http_method; content:"/gfpjm0ygp8.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ty3.a-8-xp.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697631/; classtype:trojan-activity;sid:84560731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697629)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.185.240.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697629/; classtype:trojan-activity;sid:84560729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697628)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.201.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697628/; classtype:trojan-activity;sid:84560728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697627)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.93.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697627/; classtype:trojan-activity;sid:84560727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697626)"; flow:established,from_client; content:"GET"; http_method; content:"/cpyrgboq7l.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"z01.a-8-xp.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697626/; classtype:trojan-activity;sid:84560726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697625)"; flow:established,from_client; content:"GET"; http_method; content:"/0xq.check|3f|t=k3h7titv"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"w9.vortexgipfel.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697625/; classtype:trojan-activity;sid:84560725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697624)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.152.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697624/; classtype:trojan-activity;sid:84560724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697623)"; flow:established,from_client; content:"GET"; http_method; content:"/uaf6c2opm0.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"w2t.ravenpfad.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697623/; classtype:trojan-activity;sid:84560723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697622)"; flow:established,from_client; content:"GET"; http_method; content:"/hbtnqnsq"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"be.vortexgipfel.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697622/; classtype:trojan-activity;sid:84560722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697621)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.232.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697621/; classtype:trojan-activity;sid:84560721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697620)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.174.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697620/; classtype:trojan-activity;sid:84560720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697618)"; flow:established,from_client; content:"GET"; http_method; content:"/0v9.google|3f|t=ubja9qag"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"tqf.summitmond.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697618/; classtype:trojan-activity;sid:84560718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697619)"; flow:established,from_client; content:"GET"; http_method; content:"/x3en70txid.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"v9r.a-8-xp.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697619/; classtype:trojan-activity;sid:84560719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697617)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.225.1.233"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697617/; classtype:trojan-activity;sid:84560717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697616)"; flow:established,from_client; content:"GET"; http_method; content:"/i1y1jzfk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"z1.summitmond.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697616/; classtype:trojan-activity;sid:84560716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697615)"; flow:established,from_client; content:"GET"; http_method; content:"/aq73gr128p.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"a3.ravenpfad.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697615/; classtype:trojan-activity;sid:84560715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697614)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.185.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697614/; classtype:trojan-activity;sid:84560714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697613)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.203.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697613/; classtype:trojan-activity;sid:84560713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697612)"; flow:established,from_client; content:"GET"; http_method; content:"/yeeoly0dhn.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"v9r.a-8-xp.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697612/; classtype:trojan-activity;sid:84560712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697611)"; flow:established,from_client; content:"GET"; http_method; content:"/m3.google|3f|t=9flggngq"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"bd2.summitmond.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697611/; classtype:trojan-activity;sid:84560711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697610)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm6"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697610/; classtype:trojan-activity;sid:84560710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697609)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.spc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697609/; classtype:trojan-activity;sid:84560709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697606)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697606/; classtype:trojan-activity;sid:84560706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697607)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697607/; classtype:trojan-activity;sid:84560707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697608)"; flow:established,from_client; content:"GET"; http_method; content:"/xmips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"158.94.209.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697608/; classtype:trojan-activity;sid:84560708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697605)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.spc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697605/; classtype:trojan-activity;sid:84560705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697594)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.ppc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697594/; classtype:trojan-activity;sid:84560694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697595)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm7"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697595/; classtype:trojan-activity;sid:84560695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697596)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.sh4"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697596/; classtype:trojan-activity;sid:84560696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697597)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.i686"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697597/; classtype:trojan-activity;sid:84560697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697598)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm5"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697598/; classtype:trojan-activity;sid:84560698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697599)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697599/; classtype:trojan-activity;sid:84560699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697600)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86_64"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697600/; classtype:trojan-activity;sid:84560700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697601)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mips"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697601/; classtype:trojan-activity;sid:84560701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697602)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697602/; classtype:trojan-activity;sid:84560702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697603)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.m68k"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697603/; classtype:trojan-activity;sid:84560703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697604)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mpsl"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"196.251.66.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697604/; classtype:trojan-activity;sid:84560704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697593)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/debug"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697593/; classtype:trojan-activity;sid:84560693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697592)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.170.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697592/; classtype:trojan-activity;sid:84560692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697590)"; flow:established,from_client; content:"GET"; http_method; content:"/fy4wxgj2x4.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"k2.a-8-xp.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697590/; classtype:trojan-activity;sid:84560690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697591)"; flow:established,from_client; content:"GET"; http_method; content:"/b56f6970725f4fdeaf08fda137f0a45c_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"62.60.226.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697591/; classtype:trojan-activity;sid:84560691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697589)"; flow:established,from_client; content:"GET"; http_method; content:"/4ta.check|3f|t=bixm7qx2"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"q7m.summitmond.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697589/; classtype:trojan-activity;sid:84560689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697588)"; flow:established,from_client; content:"GET"; http_method; content:"/fukfr0mt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"q7m.summitmond.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697588/; classtype:trojan-activity;sid:84560688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697587)"; flow:established,from_client; content:"GET"; http_method; content:"/fdo0ey1fo6.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"n7x.ravenpfad.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697587/; classtype:trojan-activity;sid:84560687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697586)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.52.166.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697586/; classtype:trojan-activity;sid:84560686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697585)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.118.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697585/; classtype:trojan-activity;sid:84560685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697584)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.61.161.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697584/; classtype:trojan-activity;sid:84560684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697581)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.139.240.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697581/; classtype:trojan-activity;sid:84560681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697582)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.175.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697582/; classtype:trojan-activity;sid:84560682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697583)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.178.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697583/; classtype:trojan-activity;sid:84560683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697576)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.155.2.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697576/; classtype:trojan-activity;sid:84560676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697577)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.189.239.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697577/; classtype:trojan-activity;sid:84560677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697578)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.171.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697578/; classtype:trojan-activity;sid:84560678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697579)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.75.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697579/; classtype:trojan-activity;sid:84560679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697580)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.52.166.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697580/; classtype:trojan-activity;sid:84560680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697575)"; flow:established,from_client; content:"GET"; http_method; content:"/l4oi6exns1.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"k2.a-8-xp.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697575/; classtype:trojan-activity;sid:84560675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697574)"; flow:established,from_client; content:"GET"; http_method; content:"/yn.google|3f|t=m9m228qk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"gs.summitmond.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697574/; classtype:trojan-activity;sid:84560674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697573)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.18.66.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697573/; classtype:trojan-activity;sid:84560673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697571)"; flow:established,from_client; content:"GET"; http_method; content:"/k240.google|3f|t=lar3f5nm"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"x4.ripplerover.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697571/; classtype:trojan-activity;sid:84560671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697572)"; flow:established,from_client; content:"GET"; http_method; content:"/ami6ms3rq6.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"m0k.8-f-e8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697572/; classtype:trojan-activity;sid:84560672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697570)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.233.94.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697570/; classtype:trojan-activity;sid:84560670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697569)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.108.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697569/; classtype:trojan-activity;sid:84560669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697568)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.203.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697568/; classtype:trojan-activity;sid:84560668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697567)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.7.152.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697567/; classtype:trojan-activity;sid:84560667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697566)"; flow:established,from_client; content:"GET"; http_method; content:"/3cg5dathi8.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"q4.ravenpfad.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697566/; classtype:trojan-activity;sid:84560666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697565)"; flow:established,from_client; content:"GET"; http_method; content:"/d3ybose0"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"a2n.ripplerover.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697565/; classtype:trojan-activity;sid:84560665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697564)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5298241443/z8vai6z.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697564/; classtype:trojan-activity;sid:84560664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697562)"; flow:established,from_client; content:"GET"; http_method; content:"/rm7.check|3f|t=dek4aevv"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"a2n.ripplerover.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697562/; classtype:trojan-activity;sid:84560662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697563)"; flow:established,from_client; content:"GET"; http_method; content:"/gmytzeyrmm.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"c1v.8-f-e8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697563/; classtype:trojan-activity;sid:84560663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697561)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.253.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697561/; classtype:trojan-activity;sid:84560661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697560)"; flow:established,from_client; content:"GET"; http_method; content:"/0q.google|3f|t=77gcv8g3"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"zt3.ripplerover.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697560/; classtype:trojan-activity;sid:84560660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697559)"; flow:established,from_client; content:"GET"; http_method; content:"/lla8wkpav0.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"pr6q.8-f-e8.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697559/; classtype:trojan-activity;sid:84560659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697558)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.233.94.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697558/; classtype:trojan-activity;sid:84560658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697557)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.248.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697557/; classtype:trojan-activity;sid:84560657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697556)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.185.240.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697556/; classtype:trojan-activity;sid:84560656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697555)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.226.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697555/; classtype:trojan-activity;sid:84560655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697554)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.152.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697554/; classtype:trojan-activity;sid:84560654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697552)"; flow:established,from_client; content:"GET"; http_method; content:"/f1.google|3f|t=5awx4sek"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"kp.ripplerover.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697552/; classtype:trojan-activity;sid:84560652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697553)"; flow:established,from_client; content:"GET"; http_method; content:"/z8ihyj6583.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"9am.8-f-e8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697553/; classtype:trojan-activity;sid:84560653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697551)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.100.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697551/; classtype:trojan-activity;sid:84560651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697550)"; flow:established,from_client; content:"GET"; http_method; content:"/x0hb7hoavg.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"d5.willowberg.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697550/; classtype:trojan-activity;sid:84560650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697549)"; flow:established,from_client; content:"GET"; http_method; content:"/g730krkh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"kp.ripplerover.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697549/; classtype:trojan-activity;sid:84560649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697548)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.214.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697548/; classtype:trojan-activity;sid:84560648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697547)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.226.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697547/; classtype:trojan-activity;sid:84560647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697546)"; flow:established,from_client; content:"GET"; http_method; content:"/ytvqsjmdo6.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"x4d.8-f-e8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697546/; classtype:trojan-activity;sid:84560646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697545)"; flow:established,from_client; content:"GET"; http_method; content:"/0a1.google|3f|t=n09z1ggt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"yxm.forgehafen.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697545/; classtype:trojan-activity;sid:84560645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697544)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.248.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697544/; classtype:trojan-activity;sid:84560644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697542)"; flow:established,from_client; content:"GET"; http_method; content:"/0dqdqw2790.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"d5.willowberg.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697542/; classtype:trojan-activity;sid:84560642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697543)"; flow:established,from_client; content:"GET"; http_method; content:"/f2gpzyrt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"c4n.forgehafen.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697543/; classtype:trojan-activity;sid:84560643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697541)"; flow:established,from_client; content:"GET"; http_method; content:"/8fj2j62d8z.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"x4d.8-f-e8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697541/; classtype:trojan-activity;sid:84560641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697540)"; flow:established,from_client; content:"GET"; http_method; content:"/dp2.check|3f|t=8g8wxlhv"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"c4n.forgehafen.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697540/; classtype:trojan-activity;sid:84560640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697539)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8134610967/dzccmur.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697539/; classtype:trojan-activity;sid:84560639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697538)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.214.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697538/; classtype:trojan-activity;sid:84560638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697536)"; flow:established,from_client; content:"GET"; http_method; content:"/7q.check|3f|t=s0gagik8"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"t3k.forgehafen.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697536/; classtype:trojan-activity;sid:84560636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697537)"; flow:established,from_client; content:"GET"; http_method; content:"/k66sn91exo.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"t8.8-f-e8.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697537/; classtype:trojan-activity;sid:84560637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697535)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.117.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697535/; classtype:trojan-activity;sid:84560635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697534)"; flow:established,from_client; content:"GET"; http_method; content:"/edqxn8wul5.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"b7k2.willowberg.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697534/; classtype:trojan-activity;sid:84560634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697533)"; flow:established,from_client; content:"GET"; http_method; content:"/8l4pqweo"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"t3k.forgehafen.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697533/; classtype:trojan-activity;sid:84560633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697532)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.127.68.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697532/; classtype:trojan-activity;sid:84560632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697531)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.168.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697531/; classtype:trojan-activity;sid:84560631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697530)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.92.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697530/; classtype:trojan-activity;sid:84560630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697529)"; flow:established,from_client; content:"GET"; http_method; content:"/ep.google|3f|t=2fni2zde"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"rz.forgehafen.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697529/; classtype:trojan-activity;sid:84560629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697528)"; flow:established,from_client; content:"GET"; http_method; content:"/tkwxpdr0ub.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"t8.8-f-e8.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697528/; classtype:trojan-activity;sid:84560628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697526)"; flow:established,from_client; content:"GET"; http_method; content:"/files/768560194/kdgumlu.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697526/; classtype:trojan-activity;sid:84560626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697527)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7323453331/q4fjr4r.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697527/; classtype:trojan-activity;sid:84560627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697525)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.13.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697525/; classtype:trojan-activity;sid:84560625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697524)"; flow:established,from_client; content:"GET"; http_method; content:"/wa04.google|3f|t=bz0btxq6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"h9m.lunarlicht.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697524/; classtype:trojan-activity;sid:84560624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697523)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.127.68.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697523/; classtype:trojan-activity;sid:84560623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697522)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.168.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697522/; classtype:trojan-activity;sid:84560622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697521)"; flow:established,from_client; content:"GET"; http_method; content:"/u5k76ele5g.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"b7m2.7nf214.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697521/; classtype:trojan-activity;sid:84560621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697520)"; flow:established,from_client; content:"GET"; http_method; content:"/ty3.check|3f|t=j01nrg9k"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"x1.lunarlicht.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697520/; classtype:trojan-activity;sid:84560620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697519)"; flow:established,from_client; content:"GET"; http_method; content:"/efy1h2zd6w.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"x0p.willowberg.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697519/; classtype:trojan-activity;sid:84560619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697518)"; flow:established,from_client; content:"GET"; http_method; content:"/i43zgtws"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"x1.lunarlicht.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697518/; classtype:trojan-activity;sid:84560618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697517)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.70.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697517/; classtype:trojan-activity;sid:84560617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697516)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.7.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697516/; classtype:trojan-activity;sid:84560616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697515)"; flow:established,from_client; content:"GET"; http_method; content:"/s65tw62am1.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"3qd.7nf214.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697515/; classtype:trojan-activity;sid:84560615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697514)"; flow:established,from_client; content:"GET"; http_method; content:"/rgwzwzjfi1.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"x0p.willowberg.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697514/; classtype:trojan-activity;sid:84560614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697512)"; flow:established,from_client; content:"GET"; http_method; content:"/u2tvck8x"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"q2k.lunarlicht.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697512/; classtype:trojan-activity;sid:84560612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697513)"; flow:established,from_client; content:"GET"; http_method; content:"/v0.google|3f|t=hzmi0hzh"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"q2k.lunarlicht.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697513/; classtype:trojan-activity;sid:84560613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697511)"; flow:established,from_client; content:"GET"; http_method; content:"/1za.check|3f|t=lmouwhe2"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"m7x.lunarlicht.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697511/; classtype:trojan-activity;sid:84560611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697510)"; flow:established,from_client; content:"GET"; http_method; content:"/qzfeialq0e.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"3qd.7nf214.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697510/; classtype:trojan-activity;sid:84560610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697509)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.17.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697509/; classtype:trojan-activity;sid:84560609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697507)"; flow:established,from_client; content:"GET"; http_method; content:"/qm.google|3f|t=qib6ozh9"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ab.lunarlicht.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697507/; classtype:trojan-activity;sid:84560607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697508)"; flow:established,from_client; content:"GET"; http_method; content:"/irhqtahckm.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"n1k.7nf214.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697508/; classtype:trojan-activity;sid:84560608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697506)"; flow:established,from_client; content:"GET"; http_method; content:"/qcae3a2xpu.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"t1w.cometwald.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697506/; classtype:trojan-activity;sid:84560606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697505)"; flow:established,from_client; content:"GET"; http_method; content:"/yc3x7ccp"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ab.lunarlicht.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697505/; classtype:trojan-activity;sid:84560605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697504)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.150.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697504/; classtype:trojan-activity;sid:84560604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697503)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.75.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697503/; classtype:trojan-activity;sid:84560603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697502)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.13.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697502/; classtype:trojan-activity;sid:84560602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697501)"; flow:established,from_client; content:"GET"; http_method; content:"/cxauf1v1y3.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"n1k.7nf214.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697501/; classtype:trojan-activity;sid:84560601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697500)"; flow:established,from_client; content:"GET"; http_method; content:"/tn.check|3f|t=rmb1si9u"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"x.onyxmorgen.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697500/; classtype:trojan-activity;sid:84560600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697499)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.158.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697499/; classtype:trojan-activity;sid:84560599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697498)"; flow:established,from_client; content:"GET"; http_method; content:"/files/768560194/otkujnn.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697498/; classtype:trojan-activity;sid:84560598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697497)"; flow:established,from_client; content:"GET"; http_method; content:"/vgoimfuga9.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"wz0.7nf214.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697497/; classtype:trojan-activity;sid:84560597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697496)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.35.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697496/; classtype:trojan-activity;sid:84560596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697495)"; flow:established,from_client; content:"GET"; http_method; content:"/0d4.google|3f|t=m66gkc42"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"bz.onyxmorgen.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697495/; classtype:trojan-activity;sid:84560595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697494)"; flow:established,from_client; content:"GET"; http_method; content:"/lh00eqcxsp.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"m.cometwald.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697494/; classtype:trojan-activity;sid:84560594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697493)"; flow:established,from_client; content:"GET"; http_method; content:"/9v5773xs"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bz.onyxmorgen.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697493/; classtype:trojan-activity;sid:84560593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697492)"; flow:established,from_client; content:"GET"; http_method; content:"/1kz.check|3f|t=e84d1wdx"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"q1.onyxmorgen.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697492/; classtype:trojan-activity;sid:84560592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697491)"; flow:established,from_client; content:"GET"; http_method; content:"/jj6x39k4xq.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"wz0.7nf214.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697491/; classtype:trojan-activity;sid:84560591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697490)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.242.128.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697490/; classtype:trojan-activity;sid:84560590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697489)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.160.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697489/; classtype:trojan-activity;sid:84560589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697488)"; flow:established,from_client; content:"GET"; http_method; content:"/kyx9jmhpba.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"wz0.7nf214.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697488/; classtype:trojan-activity;sid:84560588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697487)"; flow:established,from_client; content:"GET"; http_method; content:"/r8.google|3f|t=6f032e9y"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"g5.onyxmorgen.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697487/; classtype:trojan-activity;sid:84560587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697486)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.193.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697486/; classtype:trojan-activity;sid:84560586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697485)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.54.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697485/; classtype:trojan-activity;sid:84560585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697484)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"211.158.212.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697484/; classtype:trojan-activity;sid:84560584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697483)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.64.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697483/; classtype:trojan-activity;sid:84560583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697482)"; flow:established,from_client; content:"GET"; http_method; content:"/2h.google|3f|t=0jdngx74"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"1m.paradeabend.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697482/; classtype:trojan-activity;sid:84560582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697481)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.160.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697481/; classtype:trojan-activity;sid:84560581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697480)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.113.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697480/; classtype:trojan-activity;sid:84560580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697479)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.242.128.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697479/; classtype:trojan-activity;sid:84560579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697477)"; flow:established,from_client; content:"GET"; http_method; content:"/v31d043mrc.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r2p.7nf214.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697477/; classtype:trojan-activity;sid:84560577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697478)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.193.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697478/; classtype:trojan-activity;sid:84560578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697476)"; flow:established,from_client; content:"GET"; http_method; content:"/w1n.check|3f|t=76175o7d"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"c8.paradeabend.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697476/; classtype:trojan-activity;sid:84560576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697474)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.51.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697474/; classtype:trojan-activity;sid:84560574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697475)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.166.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697475/; classtype:trojan-activity;sid:84560575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697473)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.176.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697473/; classtype:trojan-activity;sid:84560573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697472)"; flow:established,from_client; content:"GET"; http_method; content:"/hwr1n9pnnw.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r2p.7nf214.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697472/; classtype:trojan-activity;sid:84560572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697471)"; flow:established,from_client; content:"GET"; http_method; content:"/e4.google|3f|t=8tm2uxmu"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"p0.paradeabend.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697471/; classtype:trojan-activity;sid:84560571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697470)"; flow:established,from_client; content:"GET"; http_method; content:"/d7m.check|3f|t=m4o3qz5n"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"0z.sproutkraft.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697470/; classtype:trojan-activity;sid:84560570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697469)"; flow:established,from_client; content:"GET"; http_method; content:"/5sudcwvdve.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r2p.7nf214.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697469/; classtype:trojan-activity;sid:84560569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697468)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.23.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697468/; classtype:trojan-activity;sid:84560568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697467)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7838746815/km7tctd.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697467/; classtype:trojan-activity;sid:84560567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697466)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.179.182.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697466/; classtype:trojan-activity;sid:84560566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697465)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.113.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697465/; classtype:trojan-activity;sid:84560565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697463)"; flow:established,from_client; content:"GET"; http_method; content:"/kxm7d8z45g.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"r7k2.sk-f0s.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697463/; classtype:trojan-activity;sid:84560563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697464)"; flow:established,from_client; content:"GET"; http_method; content:"/x3qak1d4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"v3.sproutkraft.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697464/; classtype:trojan-activity;sid:84560564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697462)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7336533485/bfsdtsc.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697462/; classtype:trojan-activity;sid:84560562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697461)"; flow:established,from_client; content:"GET"; http_method; content:"/l2.google|3f|t=wtll7huf"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"v3.sproutkraft.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697461/; classtype:trojan-activity;sid:84560561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697459)"; flow:established,from_client; content:"GET"; http_method; content:"/asqz33opea.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"gh.7nf214.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697459/; classtype:trojan-activity;sid:84560559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697460)"; flow:established,from_client; content:"GET"; http_method; content:"/updater.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"188.137.241.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697460/; classtype:trojan-activity;sid:84560560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697458)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.92.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697458/; classtype:trojan-activity;sid:84560558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697457)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.69.61.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697457/; classtype:trojan-activity;sid:84560557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697456)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.149.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697456/; classtype:trojan-activity;sid:84560556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697455)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.174.4.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697455/; classtype:trojan-activity;sid:84560555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697454)"; flow:established,from_client; content:"GET"; http_method; content:"/4j8gd21pch.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"v1.sk-f0s.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697454/; classtype:trojan-activity;sid:84560554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697453)"; flow:established,from_client; content:"GET"; http_method; content:"/2h1slux2"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"h1.sproutkraft.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697453/; classtype:trojan-activity;sid:84560553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697452)"; flow:established,from_client; content:"GET"; http_method; content:"/nd3ax3lz9b.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"gh.7nf214.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697452/; classtype:trojan-activity;sid:84560552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697451)"; flow:established,from_client; content:"GET"; http_method; content:"/9fa.check|3f|t=8b89hvy6"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"h1.sproutkraft.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697451/; classtype:trojan-activity;sid:84560551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697450)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.41.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697450/; classtype:trojan-activity;sid:84560550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697449)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.176.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697449/; classtype:trojan-activity;sid:84560549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697448)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.83.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697448/; classtype:trojan-activity;sid:84560548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697447)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.179.182.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697447/; classtype:trojan-activity;sid:84560547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697446)"; flow:established,from_client; content:"GET"; http_method; content:"/0uma8smqji.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"gh.7nf214.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697446/; classtype:trojan-activity;sid:84560546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697445)"; flow:established,from_client; content:"GET"; http_method; content:"/yk.google|3f|t=moaynrw2"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"s.sproutkraft.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697445/; classtype:trojan-activity;sid:84560545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697444)"; flow:established,from_client; content:"GET"; http_method; content:"/9gvsik4j9p.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"h9p3.566318z8.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697444/; classtype:trojan-activity;sid:84560544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697443)"; flow:established,from_client; content:"GET"; http_method; content:"/nxpy9ow3"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"s.sproutkraft.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697443/; classtype:trojan-activity;sid:84560543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697442)"; flow:established,from_client; content:"GET"; http_method; content:"/18z469i1y4.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"h9p3.566318z8.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697442/; classtype:trojan-activity;sid:84560542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697441)"; flow:established,from_client; content:"GET"; http_method; content:"/4dzgfg52"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"n7.cobaltwolke.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697441/; classtype:trojan-activity;sid:84560541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697440)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.215.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697440/; classtype:trojan-activity;sid:84560540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697438)"; flow:established,from_client; content:"GET"; http_method; content:"/r3m0m6eoox.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"h9p3.566318z8.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697438/; classtype:trojan-activity;sid:84560538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697439)"; flow:established,from_client; content:"GET"; http_method; content:"/pmywrquf"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"n7.cobaltwolke.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697439/; classtype:trojan-activity;sid:84560539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697437)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.4.23.129"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697437/; classtype:trojan-activity;sid:84560537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697436)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.151.186.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697436/; classtype:trojan-activity;sid:84560536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697435)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.82.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697435/; classtype:trojan-activity;sid:84560535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697434)"; flow:established,from_client; content:"GET"; http_method; content:"/pkmn07j1ui.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"z.566318z8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697434/; classtype:trojan-activity;sid:84560534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697433)"; flow:established,from_client; content:"GET"; http_method; content:"/m4qoie83"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"t1.cobaltwolke.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697433/; classtype:trojan-activity;sid:84560533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697432)"; flow:established,from_client; content:"GET"; http_method; content:"/6vwjt1qnqr.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"z.566318z8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697432/; classtype:trojan-activity;sid:84560532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697431)"; flow:established,from_client; content:"GET"; http_method; content:"/0d7gkvwe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"r9.cobaltwolke.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697431/; classtype:trojan-activity;sid:84560531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697430)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.211.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697430/; classtype:trojan-activity;sid:84560530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697429)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.83.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697429/; classtype:trojan-activity;sid:84560529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697428)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.75.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697428/; classtype:trojan-activity;sid:84560528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697427)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.sh4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697427/; classtype:trojan-activity;sid:84560527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697425)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mpsl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697425/; classtype:trojan-activity;sid:84560525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697426)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i686"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697426/; classtype:trojan-activity;sid:84560526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697424)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.m68k"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697424/; classtype:trojan-activity;sid:84560524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697421)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm5"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697421/; classtype:trojan-activity;sid:84560521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697422)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86_64"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697422/; classtype:trojan-activity;sid:84560522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697423)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697423/; classtype:trojan-activity;sid:84560523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697420)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.154.186.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697420/; classtype:trojan-activity;sid:84560520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697419)"; flow:established,from_client; content:"GET"; http_method; content:"/tw19an3p1q.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"m2x.566318z8.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697419/; classtype:trojan-activity;sid:84560519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697418)"; flow:established,from_client; content:"GET"; http_method; content:"/cr2dtjqw"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"x2.velvetnebel.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697418/; classtype:trojan-activity;sid:84560518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697417)"; flow:established,from_client; content:"GET"; http_method; content:"/local/xd.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"82.147.85.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697417/; classtype:trojan-activity;sid:84560517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697416)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.211.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697416/; classtype:trojan-activity;sid:84560516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697415)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.180.172.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697415/; classtype:trojan-activity;sid:84560515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697414)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6629342726/ocad0xd.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697414/; classtype:trojan-activity;sid:84560514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697413)"; flow:established,from_client; content:"GET"; http_method; content:"/5l5okjot5v.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"q7.566318z8.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697413/; classtype:trojan-activity;sid:84560513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697412)"; flow:established,from_client; content:"GET"; http_method; content:"/0xtizo3k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"pc.velvetnebel.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697412/; classtype:trojan-activity;sid:84560512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697411)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.158.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697411/; classtype:trojan-activity;sid:84560511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697410)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.186.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697410/; classtype:trojan-activity;sid:84560510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697409)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.235.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697409/; classtype:trojan-activity;sid:84560509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697408)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.28.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697408/; classtype:trojan-activity;sid:84560508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697407)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"151.243.109.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697407/; classtype:trojan-activity;sid:84560507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697406)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"151.243.109.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697406/; classtype:trojan-activity;sid:84560506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697404)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"151.243.109.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697404/; classtype:trojan-activity;sid:84560504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697405)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.23.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697405/; classtype:trojan-activity;sid:84560505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697403)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.225.231.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697403/; classtype:trojan-activity;sid:84560503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697400)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"151.243.109.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697400/; classtype:trojan-activity;sid:84560500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697401)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"151.243.109.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697401/; classtype:trojan-activity;sid:84560501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697402)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.71.203.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697402/; classtype:trojan-activity;sid:84560502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697392)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"151.243.109.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697392/; classtype:trojan-activity;sid:84560492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697393)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"151.243.109.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697393/; classtype:trojan-activity;sid:84560493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697394)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.26.195.93"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697394/; classtype:trojan-activity;sid:84560494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697395)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"151.243.109.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697395/; classtype:trojan-activity;sid:84560495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697396)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"151.243.109.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697396/; classtype:trojan-activity;sid:84560496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697397)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.195.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697397/; classtype:trojan-activity;sid:84560497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697398)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"151.243.109.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697398/; classtype:trojan-activity;sid:84560498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697399)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.44.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697399/; classtype:trojan-activity;sid:84560499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697391)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"151.243.109.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697391/; classtype:trojan-activity;sid:84560491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697388)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.37.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697388/; classtype:trojan-activity;sid:84560488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697389)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.179.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697389/; classtype:trojan-activity;sid:84560489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697390)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.245.138.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697390/; classtype:trojan-activity;sid:84560490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697385)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"151.243.109.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697385/; classtype:trojan-activity;sid:84560485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697386)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.134.162.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697386/; classtype:trojan-activity;sid:84560486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697387)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"170.84.134.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697387/; classtype:trojan-activity;sid:84560487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697384)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.10.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697384/; classtype:trojan-activity;sid:84560484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697383)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.83.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697383/; classtype:trojan-activity;sid:84560483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697382)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.190.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697382/; classtype:trojan-activity;sid:84560482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697380)"; flow:established,from_client; content:"GET"; http_method; content:"/h9vy5jrs"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cm.pixelstern.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697380/; classtype:trojan-activity;sid:84560480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697381)"; flow:established,from_client; content:"GET"; http_method; content:"/0ng3qji90w.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"b7k2.q3v8p.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697381/; classtype:trojan-activity;sid:84560481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697379)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.240.9.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697379/; classtype:trojan-activity;sid:84560479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697378)"; flow:established,from_client; content:"GET"; http_method; content:"/0zu5qh2jw4.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"b7k2.q3v8p.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697378/; classtype:trojan-activity;sid:84560478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697377)"; flow:established,from_client; content:"GET"; http_method; content:"/ov0tilga"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"y7.pixelstern.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697377/; classtype:trojan-activity;sid:84560477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697376)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.235.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697376/; classtype:trojan-activity;sid:84560476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697375)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.28.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697375/; classtype:trojan-activity;sid:84560475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697374)"; flow:established,from_client; content:"GET"; http_method; content:"/x0ugldlgs8.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"x0p.q3v8p.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697374/; classtype:trojan-activity;sid:84560474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697373)"; flow:established,from_client; content:"GET"; http_method; content:"/4ms1lod8"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"y7.pixelstern.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697373/; classtype:trojan-activity;sid:84560473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697372)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.23.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697372/; classtype:trojan-activity;sid:84560472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697371)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.162.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697371/; classtype:trojan-activity;sid:84560471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697370)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.171.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697370/; classtype:trojan-activity;sid:84560470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697369)"; flow:established,from_client; content:"GET"; http_method; content:"/r4t2ty4q22.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"29q.n-61-5.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697369/; classtype:trojan-activity;sid:84560469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697368)"; flow:established,from_client; content:"GET"; http_method; content:"/0v9.google|3f|t=po1a4ane"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"tq.pixelstern.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697368/; classtype:trojan-activity;sid:84560468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697366)"; flow:established,from_client; content:"GET"; http_method; content:"/pk2.check|3f|t=2hdk454e"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"z1.falconhimmel.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697366/; classtype:trojan-activity;sid:84560466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697367)"; flow:established,from_client; content:"GET"; http_method; content:"/jk8nvqpya5.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"h1p.n-61-5.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697367/; classtype:trojan-activity;sid:84560467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697365)"; flow:established,from_client; content:"GET"; http_method; content:"/k2ztchbhd9.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"h1p.n-61-5.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697365/; classtype:trojan-activity;sid:84560465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697364)"; flow:established,from_client; content:"GET"; http_method; content:"/m3.google|3f|t=7codnn2j"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"bd.falconhimmel.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697364/; classtype:trojan-activity;sid:84560464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697363)"; flow:established,from_client; content:"GET"; http_method; content:"/j0g0u2o4on.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"v1.q3v8p.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697363/; classtype:trojan-activity;sid:84560463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697362)"; flow:established,from_client; content:"GET"; http_method; content:"/n5cvnudn"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bd.falconhimmel.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697362/; classtype:trojan-activity;sid:84560462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697361)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.195.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697361/; classtype:trojan-activity;sid:84560461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697360)"; flow:established,from_client; content:"GET"; http_method; content:"/50jdn37gt8.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"wz0.n-61-5.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697360/; classtype:trojan-activity;sid:84560460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697359)"; flow:established,from_client; content:"GET"; http_method; content:"/4ta.check|3f|t=5fv5cqdo"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"q4.falconhimmel.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697359/; classtype:trojan-activity;sid:84560459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697358)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.37.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697358/; classtype:trojan-activity;sid:84560458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697357)"; flow:established,from_client; content:"GET"; http_method; content:"/yn.google|3f|t=e0r19e3n"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"g.falconhimmel.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697357/; classtype:trojan-activity;sid:84560457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697356)"; flow:established,from_client; content:"GET"; http_method; content:"/i4q6mvha45.1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"op.2218pb.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697356/; classtype:trojan-activity;sid:84560456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697355)"; flow:established,from_client; content:"GET"; http_method; content:"/aw9vr5mz"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"g.falconhimmel.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697355/; classtype:trojan-activity;sid:84560455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697354)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.61.51.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697354/; classtype:trojan-activity;sid:84560454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697353)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.15.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697353/; classtype:trojan-activity;sid:84560453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697352)"; flow:established,from_client; content:"GET"; http_method; content:"/gqv2ey79q1.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"k4r2.n-61-5.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697352/; classtype:trojan-activity;sid:84560452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697351)"; flow:established,from_client; content:"GET"; http_method; content:"/am1.check|3f|t=puboe5ko"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"kz.harborfreund.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697351/; classtype:trojan-activity;sid:84560451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697350)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.37.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697350/; classtype:trojan-activity;sid:84560450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697348)"; flow:established,from_client; content:"GET"; http_method; content:"/0r2.google|3f|t=1nh8qplk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"1m.harborfreund.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697348/; classtype:trojan-activity;sid:84560448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697349)"; flow:established,from_client; content:"GET"; http_method; content:"/1w3lc3jerh.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"vj3.n-61-5.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697349/; classtype:trojan-activity;sid:84560449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697347)"; flow:established,from_client; content:"GET"; http_method; content:"/at6qxsazma.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"vj3.n-61-5.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697347/; classtype:trojan-activity;sid:84560447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697346)"; flow:established,from_client; content:"GET"; http_method; content:"/q7p.check|3f|t=0tl2zui5"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"c8.harborfreund.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697346/; classtype:trojan-activity;sid:84560446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697345)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.182.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697345/; classtype:trojan-activity;sid:84560445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697344)"; flow:established,from_client; content:"GET"; http_method; content:"/u8.google|3f|t=si837qxl"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"p.harborfreund.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697344/; classtype:trojan-activity;sid:84560444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697343)"; flow:established,from_client; content:"GET"; http_method; content:"/wl60ce3dfg.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"g8.n-61-5.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697343/; classtype:trojan-activity;sid:84560443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697342)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.137.202.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697342/; classtype:trojan-activity;sid:84560442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697341)"; flow:established,from_client; content:"GET"; http_method; content:"/2kfg0dnji1.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"t2k8.d-k-6j.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697341/; classtype:trojan-activity;sid:84560441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697340)"; flow:established,from_client; content:"GET"; http_method; content:"/tb9.check|3f|t=1fpim1yt"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"0z.cloverschnee.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697340/; classtype:trojan-activity;sid:84560440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697339)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.7.171.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697339/; classtype:trojan-activity;sid:84560439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697338)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.43.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697338/; classtype:trojan-activity;sid:84560438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697337)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.21.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697337/; classtype:trojan-activity;sid:84560437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697336)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.135.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697336/; classtype:trojan-activity;sid:84560436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697335)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.202.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697335/; classtype:trojan-activity;sid:84560435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697334)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.153.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697334/; classtype:trojan-activity;sid:84560434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697333)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.140.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697333/; classtype:trojan-activity;sid:84560433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697332)"; flow:established,from_client; content:"GET"; http_method; content:"/a8wyjg2ypi.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"cmv.d-k-6j.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697332/; classtype:trojan-activity;sid:84560432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697331)"; flow:established,from_client; content:"GET"; http_method; content:"/w1n.check|3f|t=23emaxfm"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"h2.cloverschnee.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697331/; classtype:trojan-activity;sid:84560431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697330)"; flow:established,from_client; content:"GET"; http_method; content:"/pvbkqp7yif.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"zk8.384v2271.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697330/; classtype:trojan-activity;sid:84560430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697329)"; flow:established,from_client; content:"GET"; http_method; content:"/uhl5trhw"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"s.cloverschnee.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697329/; classtype:trojan-activity;sid:84560429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697328)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.7.171.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697328/; classtype:trojan-activity;sid:84560428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697327)"; flow:established,from_client; content:"GET"; http_method; content:"/gjs723xr2l.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"r01.d-k-6j.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697327/; classtype:trojan-activity;sid:84560427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697326)"; flow:established,from_client; content:"GET"; http_method; content:"/d73.check|3f|t=t6xhotmk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"x1.embergarten.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697326/; classtype:trojan-activity;sid:84560426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697325)"; flow:established,from_client; content:"GET"; http_method; content:"/ppalrhne5p.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1x.384v2271.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697325/; classtype:trojan-activity;sid:84560425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697324)"; flow:established,from_client; content:"GET"; http_method; content:"/jzy8h9ih"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"x1.embergarten.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697324/; classtype:trojan-activity;sid:84560424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697323)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.135.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697323/; classtype:trojan-activity;sid:84560423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697322)"; flow:established,from_client; content:"GET"; http_method; content:"/l2w.google|3f|t=zg61woqc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"q2.embergarten.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697322/; classtype:trojan-activity;sid:84560422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697321)"; flow:established,from_client; content:"GET"; http_method; content:"/nu2143eeds.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"b7n.d-k-6j.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697321/; classtype:trojan-activity;sid:84560421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697320)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.153.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697320/; classtype:trojan-activity;sid:84560420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697319)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.253.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697319/; classtype:trojan-activity;sid:84560419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697317)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.244.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697317/; classtype:trojan-activity;sid:84560417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697318)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.133.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697318/; classtype:trojan-activity;sid:84560418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697316)"; flow:established,from_client; content:"GET"; http_method; content:"/docmon.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"planner5dl.site"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697316/; classtype:trojan-activity;sid:84560416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697315)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.129.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697315/; classtype:trojan-activity;sid:84560415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697314)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.34.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697314/; classtype:trojan-activity;sid:84560414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697313)"; flow:established,from_client; content:"GET"; http_method; content:"/uuscd03dzd.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"xq9.d-k-6j.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697313/; classtype:trojan-activity;sid:84560413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697312)"; flow:established,from_client; content:"GET"; http_method; content:"/9f2.check|3f|t=h680289y"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"m7.embergarten.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697312/; classtype:trojan-activity;sid:84560412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697311)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.10.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697311/; classtype:trojan-activity;sid:84560411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697309)"; flow:established,from_client; content:"GET"; http_method; content:"/tgw7b2aboy.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"a4.d-k-6j.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697309/; classtype:trojan-activity;sid:84560409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697310)"; flow:established,from_client; content:"GET"; http_method; content:"/yk.google|3f|t=7jdzwlo6"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"a.embergarten.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697310/; classtype:trojan-activity;sid:84560410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697308)"; flow:established,from_client; content:"GET"; http_method; content:"/qvr.google|3f|t=izvrfch6"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"bpu.v4-z.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697308/; classtype:trojan-activity;sid:84560408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697307)"; flow:established,from_client; content:"GET"; http_method; content:"/a20pwd5pt0.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"a4.d-k-6j.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697307/; classtype:trojan-activity;sid:84560407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697306)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.244.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697306/; classtype:trojan-activity;sid:84560406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697305)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.133.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697305/; classtype:trojan-activity;sid:84560405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697304)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.10.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697304/; classtype:trojan-activity;sid:84560404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697303)"; flow:established,from_client; content:"GET"; http_method; content:"/hwtb0aryj4.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"dv6.kgto6b.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697303/; classtype:trojan-activity;sid:84560403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697301)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.92.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697301/; classtype:trojan-activity;sid:84560401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697302)"; flow:established,from_client; content:"GET"; http_method; content:"/5lu.google|3f|t=oe6fsz1t"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"mlo.j-7m.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697302/; classtype:trojan-activity;sid:84560402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697300)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.190.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697300/; classtype:trojan-activity;sid:84560400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697299)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.34.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697299/; classtype:trojan-activity;sid:84560399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697298)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.209.76.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697298/; classtype:trojan-activity;sid:84560398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697296)"; flow:established,from_client; content:"GET"; http_method; content:"/6l.google|3f|t=0uusrdam"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"9yi.j935.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697296/; classtype:trojan-activity;sid:84560396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697297)"; flow:established,from_client; content:"GET"; http_method; content:"/h9eru4uzuk.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"p0x.kgto6b.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697297/; classtype:trojan-activity;sid:84560397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697295)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.31.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697295/; classtype:trojan-activity;sid:84560395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697294)"; flow:established,from_client; content:"GET"; http_method; content:"/6u.google|3f|t=0pca2pn5"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"e7f.oqtx.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697294/; classtype:trojan-activity;sid:84560394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697293)"; flow:established,from_client; content:"GET"; http_method; content:"/u8w6bxrxiv.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"p0x.kgto6b.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697293/; classtype:trojan-activity;sid:84560393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697292)"; flow:established,from_client; content:"GET"; http_method; content:"/53bgdq5c"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"e7f.oqtx.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697292/; classtype:trojan-activity;sid:84560392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697291)"; flow:established,from_client; content:"GET"; http_method; content:"/e4gaku5b31.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"xa2.027-7i.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697291/; classtype:trojan-activity;sid:84560391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697290)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.45.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697290/; classtype:trojan-activity;sid:84560390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697289)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7044575709/vgjr2lm.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697289/; classtype:trojan-activity;sid:84560389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697288)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.254.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697288/; classtype:trojan-activity;sid:84560388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697287)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.31.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697287/; classtype:trojan-activity;sid:84560387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697286)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.55.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697286/; classtype:trojan-activity;sid:84560386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697284)"; flow:established,from_client; content:"GET"; http_method; content:"/0n.google|3f|t=trao23c7"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"5wf.yw9a.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697284/; classtype:trojan-activity;sid:84560384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697285)"; flow:established,from_client; content:"GET"; http_method; content:"/1pr280il8n.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t9h3.kgto6b.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697285/; classtype:trojan-activity;sid:84560385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697283)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.209.76.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697283/; classtype:trojan-activity;sid:84560383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697282)"; flow:established,from_client; content:"GET"; http_method; content:"/l6pgtbetzt.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t9h3.kgto6b.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697282/; classtype:trojan-activity;sid:84560382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697281)"; flow:established,from_client; content:"GET"; http_method; content:"/s50.google|3f|t=pi6ul32a"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"hp.5g-t.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697281/; classtype:trojan-activity;sid:84560381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697280)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.37.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697280/; classtype:trojan-activity;sid:84560380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697279)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.45.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697279/; classtype:trojan-activity;sid:84560379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697278)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7323453331/o7zrzsu.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697278/; classtype:trojan-activity;sid:84560378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697276)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.189.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697276/; classtype:trojan-activity;sid:84560376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697277)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.123.19.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697277/; classtype:trojan-activity;sid:84560377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697275)"; flow:established,from_client; content:"GET"; http_method; content:"/3l.google|3f|t=qeunlong"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"uq.v4-z.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697275/; classtype:trojan-activity;sid:84560375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697274)"; flow:established,from_client; content:"GET"; http_method; content:"/kwvfeu09qf.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"r6.027-7i.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697274/; classtype:trojan-activity;sid:84560374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697273)"; flow:established,from_client; content:"GET"; http_method; content:"/vblyi49f"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"uq.v4-z.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697273/; classtype:trojan-activity;sid:84560373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697272)"; flow:established,from_client; content:"GET"; http_method; content:"/q4p85yetom.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"za1.kgto6b.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697272/; classtype:trojan-activity;sid:84560372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697271)"; flow:established,from_client; content:"GET"; http_method; content:"/er.check|3f|t=mn1bq2jf"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"uh.67tf.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697271/; classtype:trojan-activity;sid:84560371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697270)"; flow:established,from_client; content:"GET"; http_method; content:"/h/upd.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"fashion121fashion.top"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697270/; classtype:trojan-activity;sid:84560370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697269)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.55.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697269/; classtype:trojan-activity;sid:84560369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697268)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.2.74"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697268/; classtype:trojan-activity;sid:84560368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697267)"; flow:established,from_client; content:"GET"; http_method; content:"/ge9lu1efrt.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"y7m4.lweaq9b.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697267/; classtype:trojan-activity;sid:84560367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697266)"; flow:established,from_client; content:"GET"; http_method; content:"/0n6ldj4z"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"x74.j-7m.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697266/; classtype:trojan-activity;sid:84560366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697265)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.123.19.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697265/; classtype:trojan-activity;sid:84560365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697264)"; flow:established,from_client; content:"GET"; http_method; content:"/480/sjdhf00vcb98sd0wjhjcmvnmsdfkjk0fs90c88b0d00s0cv89sdjjhj98vx0c0xc0v0cx08xcv0xcv.txt"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"23.95.103.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697264/; classtype:trojan-activity;sid:84560364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697263)"; flow:established,from_client; content:"GET"; http_method; content:"/469/0e0fd0g0we00we0r3990dfg0dfg0g9df09xcvxcv90s900sg0g0sxcv00s9f0s9sd0f90.hta"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"23.95.103.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697263/; classtype:trojan-activity;sid:84560363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697262)"; flow:established,from_client; content:"GET"; http_method; content:"/nueva%20carpeta/vmdocumentos.txt"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"hostphpwindowsdriversappsos.duckdns.org"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697262/; classtype:trojan-activity;sid:84560362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697261)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.242.135.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697261/; classtype:trojan-activity;sid:84560361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697260)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.85.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697260/; classtype:trojan-activity;sid:84560360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697259)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.148.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697259/; classtype:trojan-activity;sid:84560359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697258)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.2.74"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697258/; classtype:trojan-activity;sid:84560358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697257)"; flow:established,from_client; content:"GET"; http_method; content:"/1oba7zb4uj.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m2v.kgto6b.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697257/; classtype:trojan-activity;sid:84560357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697256)"; flow:established,from_client; content:"GET"; http_method; content:"/4c1.check|3f|t=9a6zgc63"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"x74.j-7m.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697256/; classtype:trojan-activity;sid:84560356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697254)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.243.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697254/; classtype:trojan-activity;sid:84560354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697253)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.236.248"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697253/; classtype:trojan-activity;sid:84560353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697252)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.223.210.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697252/; classtype:trojan-activity;sid:84560352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697251)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.71.203.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697251/; classtype:trojan-activity;sid:84560351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697249)"; flow:established,from_client; content:"GET"; http_method; content:"/z0y.google|3f|t=kjxdd7q9"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"my.znx7.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697249/; classtype:trojan-activity;sid:84560349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697250)"; flow:established,from_client; content:"GET"; http_method; content:"/zw6x3b7067.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"q7.kgto6b.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697250/; classtype:trojan-activity;sid:84560350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697248)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.189.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697248/; classtype:trojan-activity;sid:84560348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697247)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1yqglnlkq4nszab9d-isffrczfgwt3p1z"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697247/; classtype:trojan-activity;sid:84560347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697246)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1gw3ymr1icj9kb65qgulvgqo5lw2edehs"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697246/; classtype:trojan-activity;sid:84560346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697245)"; flow:established,from_client; content:"GET"; http_method; content:"/a0euyu1n6a.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"q7.kgto6b.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697245/; classtype:trojan-activity;sid:84560345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697244)"; flow:established,from_client; content:"GET"; http_method; content:"/nb.check|3f|t=totlzp4d"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"vhi.j935.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697244/; classtype:trojan-activity;sid:84560344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697243)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.74.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697243/; classtype:trojan-activity;sid:84560343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697242)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.242.135.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697242/; classtype:trojan-activity;sid:84560342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697241)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/d.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"154.12.95.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697241/; classtype:trojan-activity;sid:84560341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697240)"; flow:established,from_client; content:"GET"; http_method; content:"/9t0ltv.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697240/; classtype:trojan-activity;sid:84560340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697239)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.81.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697239/; classtype:trojan-activity;sid:84560339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697238)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.21.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697238/; classtype:trojan-activity;sid:84560338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697237)"; flow:established,from_client; content:"GET"; http_method; content:"/c6d17zced2.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"n8z.lweaq9b.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697237/; classtype:trojan-activity;sid:84560337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697236)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.94.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697236/; classtype:trojan-activity;sid:84560336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697235)"; flow:established,from_client; content:"GET"; http_method; content:"/675d47bl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"2cr.4qo8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697235/; classtype:trojan-activity;sid:84560335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697234)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.208.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697234/; classtype:trojan-activity;sid:84560334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697233)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.213.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697233/; classtype:trojan-activity;sid:84560333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697232)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.150.18.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697232/; classtype:trojan-activity;sid:84560332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697231)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.91.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697231/; classtype:trojan-activity;sid:84560331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697230)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.149.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697230/; classtype:trojan-activity;sid:84560330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697229)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5638395652/knjhfvy.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697229/; classtype:trojan-activity;sid:84560329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697228)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5638395652/in6c6sb.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697228/; classtype:trojan-activity;sid:84560328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697225)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.21.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697225/; classtype:trojan-activity;sid:84560325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697226)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.176.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697226/; classtype:trojan-activity;sid:84560326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697227)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.81.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697227/; classtype:trojan-activity;sid:84560327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697224)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.88.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697224/; classtype:trojan-activity;sid:84560324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697223)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.38.218.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697223/; classtype:trojan-activity;sid:84560323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697222)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.208.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697222/; classtype:trojan-activity;sid:84560322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697221)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5638395652/2zvewwv.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697221/; classtype:trojan-activity;sid:84560321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697220)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.213.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697220/; classtype:trojan-activity;sid:84560320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697219)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.91.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697219/; classtype:trojan-activity;sid:84560319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697218)"; flow:established,from_client; content:"GET"; http_method; content:"/myj0opxfrz.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"t8cz.y2u-72.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697218/; classtype:trojan-activity;sid:84560318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697217)"; flow:established,from_client; content:"GET"; http_method; content:"/yysuxosq"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"7yf.67tf.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697217/; classtype:trojan-activity;sid:84560317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697216)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.0.136.205"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697216/; classtype:trojan-activity;sid:84560316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697214)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8079234796/olhos16.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697214/; classtype:trojan-activity;sid:84560314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697215)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.57.163.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697215/; classtype:trojan-activity;sid:84560315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697213)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.38.218.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697213/; classtype:trojan-activity;sid:84560313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697212)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.224.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697212/; classtype:trojan-activity;sid:84560312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697211)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.81.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697211/; classtype:trojan-activity;sid:84560311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697210)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.94.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697210/; classtype:trojan-activity;sid:84560310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697209)"; flow:established,from_client; content:"GET"; http_method; content:"/xss/buf.js"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"controllerjs.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697209/; classtype:trojan-activity;sid:84560309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697208)"; flow:established,from_client; content:"GET"; http_method; content:"/scan-doc794559.pdf.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"securefiledepot.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697208/; classtype:trojan-activity;sid:84560308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697207)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.237.15.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697207/; classtype:trojan-activity;sid:84560307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697203)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.149.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697203/; classtype:trojan-activity;sid:84560303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697204)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.36.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697204/; classtype:trojan-activity;sid:84560304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697205)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.57.163.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697205/; classtype:trojan-activity;sid:84560305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697206)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.95.122.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697206/; classtype:trojan-activity;sid:84560306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697198)"; flow:established,from_client; content:"GET"; http_method; content:"/xss/buf.js"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"kislonij.pro"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697198/; classtype:trojan-activity;sid:84560298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697199)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.244.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697199/; classtype:trojan-activity;sid:84560299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697200)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.82.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697200/; classtype:trojan-activity;sid:84560300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697201)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.67.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697201/; classtype:trojan-activity;sid:84560301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697202)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.101.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697202/; classtype:trojan-activity;sid:84560302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697197)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.49.211.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697197/; classtype:trojan-activity;sid:84560297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697196)"; flow:established,from_client; content:"GET"; http_method; content:"/xmr.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.46.158.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697196/; classtype:trojan-activity;sid:84560296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697195)"; flow:established,from_client; content:"GET"; http_method; content:"/d.js"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cpajoliette.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697195/; classtype:trojan-activity;sid:84560295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697194)"; flow:established,from_client; content:"GET"; http_method; content:"/8hqiffi0nv.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"g7ya.y2u-72.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697194/; classtype:trojan-activity;sid:84560294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697193)"; flow:established,from_client; content:"GET"; http_method; content:"/01istl74"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"lr.znx7.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697193/; classtype:trojan-activity;sid:84560293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697192)"; flow:established,from_client; content:"GET"; http_method; content:"/1a1euw9foo.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"g7ya.y2u-72.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697192/; classtype:trojan-activity;sid:84560292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697191)"; flow:established,from_client; content:"GET"; http_method; content:"/r3jxmj54"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"d1o.j935.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697191/; classtype:trojan-activity;sid:84560291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697190)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.254.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697190/; classtype:trojan-activity;sid:84560290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697189)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.93.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697189/; classtype:trojan-activity;sid:84560289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697188)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.0.136.205"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697188/; classtype:trojan-activity;sid:84560288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697186)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.157.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697186/; classtype:trojan-activity;sid:84560286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697187)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.224.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697187/; classtype:trojan-activity;sid:84560287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697185)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.198.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697185/; classtype:trojan-activity;sid:84560285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697184)"; flow:established,from_client; content:"GET"; http_method; content:"/y4ad3w3j"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"io8.oqtx.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697184/; classtype:trojan-activity;sid:84560284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697183)"; flow:established,from_client; content:"GET"; http_method; content:"/ntwne3svc6.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"s2lmx.y2u-72.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697183/; classtype:trojan-activity;sid:84560283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697182)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.179.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697182/; classtype:trojan-activity;sid:84560282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697181)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.150.18.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697181/; classtype:trojan-activity;sid:84560281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697180)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.162.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697180/; classtype:trojan-activity;sid:84560280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697178)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.226.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697178/; classtype:trojan-activity;sid:84560278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697179)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.58.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697179/; classtype:trojan-activity;sid:84560279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697177)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.55.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697177/; classtype:trojan-activity;sid:84560277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697176)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.148.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697176/; classtype:trojan-activity;sid:84560276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697175)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.254.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697175/; classtype:trojan-activity;sid:84560275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697174)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.33.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697174/; classtype:trojan-activity;sid:84560274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697173)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7782139129/49evsjr.ps1"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697173/; classtype:trojan-activity;sid:84560273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697172)"; flow:established,from_client; content:"GET"; http_method; content:"/6oj.check|3f|t=f8kytcpy"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"lga.5g-t.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697172/; classtype:trojan-activity;sid:84560272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697171)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1781548144/qq64ifl.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697171/; classtype:trojan-activity;sid:84560271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697170)"; flow:established,from_client; content:"GET"; http_method; content:"/files/smm_traff/random.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697170/; classtype:trojan-activity;sid:84560270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697169)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.232.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697169/; classtype:trojan-activity;sid:84560269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697168)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.58.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697168/; classtype:trojan-activity;sid:84560268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697167)"; flow:established,from_client; content:"GET"; http_method; content:"/u9k.google|3f|t=duybbel4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"k7.v4-z.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697167/; classtype:trojan-activity;sid:84560267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697166)"; flow:established,from_client; content:"GET"; http_method; content:"/stasik.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"exofoods.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697166/; classtype:trojan-activity;sid:84560266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697165)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.197.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697165/; classtype:trojan-activity;sid:84560265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697164)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6357156118/v9aq0oo.msi"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697164/; classtype:trojan-activity;sid:84560264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697162)"; flow:established,from_client; content:"GET"; http_method; content:"/files/502259649/valpntr.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697162/; classtype:trojan-activity;sid:84560262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697163)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7323453331/glc6psq.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697163/; classtype:trojan-activity;sid:84560263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697161)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.242.210.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697161/; classtype:trojan-activity;sid:84560261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697160)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.149.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697160/; classtype:trojan-activity;sid:84560260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697159)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.232.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697159/; classtype:trojan-activity;sid:84560259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697158)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.93.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697158/; classtype:trojan-activity;sid:84560258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697157)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.197.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697157/; classtype:trojan-activity;sid:84560257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697156)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.165.13.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697156/; classtype:trojan-activity;sid:84560256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697155)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.188.71.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697155/; classtype:trojan-activity;sid:84560255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697154)"; flow:established,from_client; content:"GET"; http_method; content:"/xf.check|3f|t=nghzi127"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"zon.z-x0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697154/; classtype:trojan-activity;sid:84560254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697153)"; flow:established,from_client; content:"GET"; http_method; content:"/i87c18c626.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"g7c5.kzg-w-4y.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697153/; classtype:trojan-activity;sid:84560253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697152)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.242.210.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697152/; classtype:trojan-activity;sid:84560252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697151)"; flow:established,from_client; content:"GET"; http_method; content:"/mods26t29b.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m2q9a.kzg-w-4y.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697151/; classtype:trojan-activity;sid:84560251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697150)"; flow:established,from_client; content:"GET"; http_method; content:"/hd1.check|3f|t=p2sjp6df"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"9xz.24s6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697150/; classtype:trojan-activity;sid:84560250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697149)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8072548658/fgptmxd.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697149/; classtype:trojan-activity;sid:84560249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697148)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7782139129/gl0ygtd.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697148/; classtype:trojan-activity;sid:84560248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697147)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7453936223/2o7gwsz.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697147/; classtype:trojan-activity;sid:84560247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697146)"; flow:established,from_client; content:"GET"; http_method; content:"/files/503008312/c8c1bbe.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697146/; classtype:trojan-activity;sid:84560246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697145)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.148.75.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697145/; classtype:trojan-activity;sid:84560245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697144)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.74.48"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697144/; classtype:trojan-activity;sid:84560244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697143)"; flow:established,from_client; content:"GET"; http_method; content:"/bolwkw7i"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"9xz.24s6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697143/; classtype:trojan-activity;sid:84560243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697142)"; flow:established,from_client; content:"GET"; http_method; content:"/pj0ehp316v.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"e9rn.y2u-72.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697142/; classtype:trojan-activity;sid:84560242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697141)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7559408112/8rsl970.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697141/; classtype:trojan-activity;sid:84560241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697139)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5917492177/1yb0enm.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697139/; classtype:trojan-activity;sid:84560239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697140)"; flow:established,from_client; content:"GET"; http_method; content:"/files/mr/random.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697140/; classtype:trojan-activity;sid:84560240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697138)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5851730241/fzcgcte.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697138/; classtype:trojan-activity;sid:84560238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697137)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8434554557/06bk6nu.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697137/; classtype:trojan-activity;sid:84560237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697136)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6331503294/dpzcory.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697136/; classtype:trojan-activity;sid:84560236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697135)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7120586914/awt7wkb.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697135/; classtype:trojan-activity;sid:84560235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697134)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7782139129/ki6doqb.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697134/; classtype:trojan-activity;sid:84560234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697132)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5561582465/fz0oky4.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697132/; classtype:trojan-activity;sid:84560232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697133)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6608710704/hcbsxxl.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697133/; classtype:trojan-activity;sid:84560233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697131)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.242.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697131/; classtype:trojan-activity;sid:84560231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697130)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"168.195.7.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697130/; classtype:trojan-activity;sid:84560230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697129)"; flow:established,from_client; content:"GET"; http_method; content:"/kbd8lv5bnv.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m2q9a.kzg-w-4y.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697129/; classtype:trojan-activity;sid:84560229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697128)"; flow:established,from_client; content:"GET"; http_method; content:"/jg.check|3f|t=oort30h5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"qak.n2vr.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697128/; classtype:trojan-activity;sid:84560228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697127)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.32.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697127/; classtype:trojan-activity;sid:84560227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697126)"; flow:established,from_client; content:"GET"; http_method; content:"/pja1uy9e"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ljh.dc-8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697126/; classtype:trojan-activity;sid:84560226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697125)"; flow:established,from_client; content:"GET"; http_method; content:"/files/unique3/random.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697125/; classtype:trojan-activity;sid:84560225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697124)"; flow:established,from_client; content:"GET"; http_method; content:"/jpbjzt71m5.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u5q8.y2u-72.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697124/; classtype:trojan-activity;sid:84560224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697123)"; flow:established,from_client; content:"GET"; http_method; content:"/gfhf4xzlml.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"y0bn4.kzg-w-4y.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697123/; classtype:trojan-activity;sid:84560223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697122)"; flow:established,from_client; content:"GET"; http_method; content:"/3h.check|3f|t=ey7ujayw"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ljh.dc-8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697122/; classtype:trojan-activity;sid:84560222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697120)"; flow:established,from_client; content:"GET"; http_method; content:"/zt.check|3f|t=0f6fg9t9"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"frt.8i-9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697120/; classtype:trojan-activity;sid:84560220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697121)"; flow:established,from_client; content:"GET"; http_method; content:"/8zw1n1gzna.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"y0bn4.kzg-w-4y.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697121/; classtype:trojan-activity;sid:84560221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697119)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.127.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697119/; classtype:trojan-activity;sid:84560219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697118)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"168.195.7.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697118/; classtype:trojan-activity;sid:84560218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697117)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.242.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697117/; classtype:trojan-activity;sid:84560217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697115)"; flow:established,from_client; content:"GET"; http_method; content:"/gvpvovbu"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"2pq.z2q2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697115/; classtype:trojan-activity;sid:84560215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697116)"; flow:established,from_client; content:"GET"; http_method; content:"/bit587tev1.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"n6q.i1msth.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697116/; classtype:trojan-activity;sid:84560216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697114)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.186.190.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697114/; classtype:trojan-activity;sid:84560214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697113)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.156.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697113/; classtype:trojan-activity;sid:84560213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697112)"; flow:established,from_client; content:"GET"; http_method; content:"/9duzumrd1d.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"p8t3k.kzg-w-4y.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697112/; classtype:trojan-activity;sid:84560212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697111)"; flow:established,from_client; content:"GET"; http_method; content:"/jq0.google|3f|t=wlb9oh1s"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"00x.7-h9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697111/; classtype:trojan-activity;sid:84560211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697110)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.32.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697110/; classtype:trojan-activity;sid:84560210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697109)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.105.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697109/; classtype:trojan-activity;sid:84560209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697108)"; flow:established,from_client; content:"GET"; http_method; content:"/f7.google|3f|t=uml0m3mn"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"x9.wo-h3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697108/; classtype:trojan-activity;sid:84560208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697107)"; flow:established,from_client; content:"GET"; http_method; content:"/n2iefqzyvk.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"p8t3k.kzg-w-4y.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697107/; classtype:trojan-activity;sid:84560207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697106)"; flow:established,from_client; content:"GET"; http_method; content:"/apps.bin"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cup7.billingfox.digital"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697106/; classtype:trojan-activity;sid:84560206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697105)"; flow:established,from_client; content:"GET"; http_method; content:"/apps.bin"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"go4it.tarotbag.digital"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697105/; classtype:trojan-activity;sid:84560205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697104)"; flow:established,from_client; content:"GET"; http_method; content:"/qp2eo5facl.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"u1r6.kzg-w-4y.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697104/; classtype:trojan-activity;sid:84560204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697103)"; flow:established,from_client; content:"GET"; http_method; content:"/ybk.google|3f|t=eox242ll"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"5x.03e3x.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697103/; classtype:trojan-activity;sid:84560203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697102)"; flow:established,from_client; content:"GET"; http_method; content:"/agent.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"antifs.site"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697102/; classtype:trojan-activity;sid:84560202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697101)"; flow:established,from_client; content:"GET"; http_method; content:"/signalaway.apk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"signalaway.world"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697101/; classtype:trojan-activity;sid:84560201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697100)"; flow:established,from_client; content:"GET"; http_method; content:"/dlq/180_25e5_2586_25b0_25e9_259b_25aa_25e6_2598_259f_25e7_258e_258b_25e5_2590_2588_25e5_2587_25bb.rar"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"pk256.xin"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697100/; classtype:trojan-activity;sid:84560200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697099)"; flow:established,from_client; content:"GET"; http_method; content:"/bezprobok.apk"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"bezprobok.pro"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697099/; classtype:trojan-activity;sid:84560199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697098)"; flow:established,from_client; content:"GET"; http_method; content:"/stb/retev.php|3f|bl=tgpebjtxdrfj2u5fjtpre008.txt"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"i-slept-with-ur.mom"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697098/; classtype:trojan-activity;sid:84560198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697097)"; flow:established,from_client; content:"GET"; http_method; content:"/stb/retev.php|3f|bl=qtuvl0pcseglafunszpre008.txt"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"vcc-library.uk"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697097/; classtype:trojan-activity;sid:84560197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697096)"; flow:established,from_client; content:"GET"; http_method; content:"/dva.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"62.60.226.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697096/; classtype:trojan-activity;sid:84560196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697094)"; flow:established,from_client; content:"GET"; http_method; content:"/cz.check|3f|t=zf9lib24"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"04.614lo.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697094/; classtype:trojan-activity;sid:84560194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697095)"; flow:established,from_client; content:"GET"; http_method; content:"/tvrzkwy0xb.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"u1r6.kzg-w-4y.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697095/; classtype:trojan-activity;sid:84560195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697093)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.74.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697093/; classtype:trojan-activity;sid:84560193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697092)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.213.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697092/; classtype:trojan-activity;sid:84560192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697091)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.105.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697091/; classtype:trojan-activity;sid:84560191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697090)"; flow:established,from_client; content:"GET"; http_method; content:"/hkmqka65"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"04.614lo.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697090/; classtype:trojan-activity;sid:84560190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697089)"; flow:established,from_client; content:"GET"; http_method; content:"/zonfm995lo.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u5bd1.i1msth.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697089/; classtype:trojan-activity;sid:84560189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697088)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.207.52.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697088/; classtype:trojan-activity;sid:84560188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697087)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.150.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697087/; classtype:trojan-activity;sid:84560187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697086)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.233.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697086/; classtype:trojan-activity;sid:84560186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697085)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.137.140.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697085/; classtype:trojan-activity;sid:84560185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.198.135.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697084/; classtype:trojan-activity;sid:84560184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697083)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.9.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697083/; classtype:trojan-activity;sid:84560183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697082)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.233.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697082/; classtype:trojan-activity;sid:84560182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697081)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.207.52.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697081/; classtype:trojan-activity;sid:84560181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697079)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697079/; classtype:trojan-activity;sid:84560179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697080)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.140.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697080/; classtype:trojan-activity;sid:84560180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697078)"; flow:established,from_client; content:"GET"; http_method; content:"/a6xrbn5uka.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"n3w7a.gfk-8120.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697078/; classtype:trojan-activity;sid:84560178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697077)"; flow:established,from_client; content:"GET"; http_method; content:"/spi.google|3f|t=v3o7udlf"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"d9.8b-1d.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697077/; classtype:trojan-activity;sid:84560177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697076)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.76.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697076/; classtype:trojan-activity;sid:84560176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697074)"; flow:established,from_client; content:"GET"; http_method; content:"/co0nk6ihzn.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"k0sj.i1msth.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697074/; classtype:trojan-activity;sid:84560174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697075)"; flow:established,from_client; content:"GET"; http_method; content:"/40f2xh01"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"d9.8b-1d.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697075/; classtype:trojan-activity;sid:84560175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697073)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.95.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697073/; classtype:trojan-activity;sid:84560173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697072)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.198.135.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697072/; classtype:trojan-activity;sid:84560172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697071)"; flow:established,from_client; content:"GET"; http_method; content:"/le9opakhea.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"k0sj.i1msth.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697071/; classtype:trojan-activity;sid:84560171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697070)"; flow:established,from_client; content:"GET"; http_method; content:"/b5q7ppe5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"m7.95tbm.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697070/; classtype:trojan-activity;sid:84560170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697069)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.76.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697069/; classtype:trojan-activity;sid:84560169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697068)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.180.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697068/; classtype:trojan-activity;sid:84560168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697067)"; flow:established,from_client; content:"GET"; http_method; content:"/u0409oqb3y.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"n3w7a.gfk-8120.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697067/; classtype:trojan-activity;sid:84560167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697066)"; flow:established,from_client; content:"GET"; http_method; content:"/8h.google|3f|t=7jotivni"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"m7.95tbm.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697066/; classtype:trojan-activity;sid:84560166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697065)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.74.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697065/; classtype:trojan-activity;sid:84560165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697064)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"138.204.196.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697064/; classtype:trojan-activity;sid:84560164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697063)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.121.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697063/; classtype:trojan-activity;sid:84560163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697062)"; flow:established,from_client; content:"GET"; http_method; content:"/ka345qg5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"20q.5b-c.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697062/; classtype:trojan-activity;sid:84560162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697061)"; flow:established,from_client; content:"GET"; http_method; content:"/z4vis9187u.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"r8y.i1msth.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697061/; classtype:trojan-activity;sid:84560161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697059)"; flow:established,from_client; content:"GET"; http_method; content:"/gl3jn2mkbr.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r5z0t.gfk-8120.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697059/; classtype:trojan-activity;sid:84560159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697060)"; flow:established,from_client; content:"GET"; http_method; content:"/s2.google|3f|t=giu16s8f"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"20q.5b-c.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697060/; classtype:trojan-activity;sid:84560160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697058)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.79.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697058/; classtype:trojan-activity;sid:84560158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697057)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.180.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697057/; classtype:trojan-activity;sid:84560157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697056)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.23.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697056/; classtype:trojan-activity;sid:84560156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697055)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.247.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697055/; classtype:trojan-activity;sid:84560155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697054)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.151.168.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697054/; classtype:trojan-activity;sid:84560154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697053)"; flow:established,from_client; content:"GET"; http_method; content:"/q0eq3r8e"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"h93.z-x0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697053/; classtype:trojan-activity;sid:84560153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697052)"; flow:established,from_client; content:"GET"; http_method; content:"/bonavroop8.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"r8y.i1msth.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697052/; classtype:trojan-activity;sid:84560152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697051)"; flow:established,from_client; content:"GET"; http_method; content:"/47d.google|3f|t=qxz19a6r"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"h93.z-x0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697051/; classtype:trojan-activity;sid:84560151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697050)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.157.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697050/; classtype:trojan-activity;sid:84560150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697049)"; flow:established,from_client; content:"GET"; http_method; content:"/bguthxgq2q.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c2x8.gfk-8120.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697049/; classtype:trojan-activity;sid:84560149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697048)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7323453331/glc6psq.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697048/; classtype:trojan-activity;sid:84560148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697047)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"138.204.196.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697047/; classtype:trojan-activity;sid:84560147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697046)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.141.32.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697046/; classtype:trojan-activity;sid:84560146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697045)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.80.8"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697045/; classtype:trojan-activity;sid:84560145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697043)"; flow:established,from_client; content:"GET"; http_method; content:"/0rqvup0545.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c2x8.gfk-8120.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697043/; classtype:trojan-activity;sid:84560143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697044)"; flow:established,from_client; content:"GET"; http_method; content:"/qv1.check|3f|t=wq2fbjsj"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ke0.24s6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697044/; classtype:trojan-activity;sid:84560144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697042)"; flow:established,from_client; content:"GET"; http_method; content:"/b6oxmcxp"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"z6l.n2vr.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697042/; classtype:trojan-activity;sid:84560142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697041)"; flow:established,from_client; content:"GET"; http_method; content:"/vnrtj9xzmw.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"p3nkd.i1msth.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697041/; classtype:trojan-activity;sid:84560141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697040)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.234.184.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697040/; classtype:trojan-activity;sid:84560140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697039)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.149.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697039/; classtype:trojan-activity;sid:84560139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697038)"; flow:established,from_client; content:"GET"; http_method; content:"/0s.check|3f|t=4u4qpggx"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"z6l.n2vr.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697038/; classtype:trojan-activity;sid:84560138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697037)"; flow:established,from_client; content:"GET"; http_method; content:"/demm5uh9yj.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"a7m1v.gfk-8120.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697037/; classtype:trojan-activity;sid:84560137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697036)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.210.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697036/; classtype:trojan-activity;sid:84560136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697035)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.7.148.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697035/; classtype:trojan-activity;sid:84560135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697034)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.32.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697034/; classtype:trojan-activity;sid:84560134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697033)"; flow:established,from_client; content:"GET"; http_method; content:"/0kobrejl2y.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"h4p9q.gfk-8120.ru"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697033/; classtype:trojan-activity;sid:84560133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697032)"; flow:established,from_client; content:"GET"; http_method; content:"/e0.check|3f|t=4a1yxhgm"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"els.dc-8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697032/; classtype:trojan-activity;sid:84560132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697031)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.217.125.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697031/; classtype:trojan-activity;sid:84560131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697030)"; flow:established,from_client; content:"GET"; http_method; content:"/hcwchr514x.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"t9w4.i1msth.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697030/; classtype:trojan-activity;sid:84560130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697028)"; flow:established,from_client; content:"GET"; http_method; content:"/87.google|3f|t=w1fhiy5f"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"n5i.z2q2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697028/; classtype:trojan-activity;sid:84560128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697029)"; flow:established,from_client; content:"GET"; http_method; content:"/408wt23p"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"wdr.8i-9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697029/; classtype:trojan-activity;sid:84560129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697027)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.234.184.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697027/; classtype:trojan-activity;sid:84560127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697026)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.149.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697026/; classtype:trojan-activity;sid:84560126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697025)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.140.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697025/; classtype:trojan-activity;sid:84560125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697024)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.7.148.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697024/; classtype:trojan-activity;sid:84560124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697023)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.22.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697023/; classtype:trojan-activity;sid:84560123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697022)"; flow:established,from_client; content:"GET"; http_method; content:"/qk79ofhx"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"0x0.7-h9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697022/; classtype:trojan-activity;sid:84560122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697021)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.74.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697021/; classtype:trojan-activity;sid:84560121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697020)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.221.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697020/; classtype:trojan-activity;sid:84560120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697018)"; flow:established,from_client; content:"GET"; http_method; content:"/z09iweqk93.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"u0x9a.3-f72v.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697018/; classtype:trojan-activity;sid:84560118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697019)"; flow:established,from_client; content:"GET"; http_method; content:"/kq.check|3f|t=t7i2u9wb"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"2e.wo-h3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697019/; classtype:trojan-activity;sid:84560119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697017)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.8.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697017/; classtype:trojan-activity;sid:84560117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697015)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.53.236.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697015/; classtype:trojan-activity;sid:84560115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697016)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.1.152.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697016/; classtype:trojan-activity;sid:84560116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697013)"; flow:established,from_client; content:"GET"; http_method; content:"/0q.check|3f|t=f7fuqx5x"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"aj.03e3x.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697013/; classtype:trojan-activity;sid:84560113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697014)"; flow:established,from_client; content:"GET"; http_method; content:"/wie4js1mje.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c8r5q.3-f72v.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697014/; classtype:trojan-activity;sid:84560114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697012)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.22.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697012/; classtype:trojan-activity;sid:84560112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697011)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.85.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697011/; classtype:trojan-activity;sid:84560111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697008)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.18.60.12"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697008/; classtype:trojan-activity;sid:84560108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697009)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.249.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697009/; classtype:trojan-activity;sid:84560109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697010)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.176.87.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697010/; classtype:trojan-activity;sid:84560110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697006)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.22.28.140"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697006/; classtype:trojan-activity;sid:84560106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697007)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.124.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697007/; classtype:trojan-activity;sid:84560107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697005)"; flow:established,from_client; content:"GET"; http_method; content:"/oxxp3vva20.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"y1t4.3-f72v.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697005/; classtype:trojan-activity;sid:84560105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697004)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.174.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697004/; classtype:trojan-activity;sid:84560104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697001)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.117.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697001/; classtype:trojan-activity;sid:84560101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697002)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.15.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697002/; classtype:trojan-activity;sid:84560102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697003)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.115.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697003/; classtype:trojan-activity;sid:84560103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697000)"; flow:established,from_client; content:"GET"; http_method; content:"/30.google|3f|t=hfojfize"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"pv.614lo.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697000/; classtype:trojan-activity;sid:84560100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696999)"; flow:established,from_client; content:"GET"; http_method; content:"/z8hqvfs68r.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"h2v.i1msth.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696999/; classtype:trojan-activity;sid:84560099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696998)"; flow:established,from_client; content:"GET"; http_method; content:"/zned9bye"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"pv.614lo.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696998/; classtype:trojan-activity;sid:84560098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696997)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.121.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696997/; classtype:trojan-activity;sid:84560097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696996)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.221.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696996/; classtype:trojan-activity;sid:84560096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696995)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.117.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696995/; classtype:trojan-activity;sid:84560095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696994)"; flow:established,from_client; content:"GET"; http_method; content:"/auk9h5epuf.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k3d8n.3-f72v.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696994/; classtype:trojan-activity;sid:84560094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696993)"; flow:established,from_client; content:"GET"; http_method; content:"/f8m.google|3f|t=y3c0v94a"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"bh.w8i0h.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696993/; classtype:trojan-activity;sid:84560093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696992)"; flow:established,from_client; content:"GET"; http_method; content:"/a1l4m/2e771fb306028fabfc8e098427181f78/raw/37f3db6b29d64f1045fb60967d6297f525ddf443/iamthedanger.txt"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"gist.githubusercontent.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696992/; classtype:trojan-activity;sid:84560092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696991)"; flow:established,from_client; content:"GET"; http_method; content:"/3ric3h/server/refs/heads/main/server_upload.txt"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696991/; classtype:trojan-activity;sid:84560091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696990)"; flow:established,from_client; content:"GET"; http_method; content:"/3ric3h/server/refs/heads/main/serverupload.txt"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696990/; classtype:trojan-activity;sid:84560090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696989)"; flow:established,from_client; content:"GET"; http_method; content:"/3ric3h/server/refs/heads/main/host_fileupload.txt"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696989/; classtype:trojan-activity;sid:84560089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696986)"; flow:established,from_client; content:"GET"; http_method; content:"/3ric3h/server/refs/heads/main/_serverupload.txt"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696986/; classtype:trojan-activity;sid:84560086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696987)"; flow:established,from_client; content:"GET"; http_method; content:"/3ric3h/server/refs/heads/main/_server_upload.txt"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696987/; classtype:trojan-activity;sid:84560087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696988)"; flow:established,from_client; content:"GET"; http_method; content:"/3ric3h/server/refs/heads/main/hostupload.txt"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696988/; classtype:trojan-activity;sid:84560088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696985)"; flow:established,from_client; content:"GET"; http_method; content:"/3ric3h/server/raw/refs/heads/main/image.rar"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696985/; classtype:trojan-activity;sid:84560085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696984)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.29.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696984/; classtype:trojan-activity;sid:84560084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696982)"; flow:established,from_client; content:"GET"; http_method; content:"/ks.google|3f|t=l2hza5y6"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"tz.oc57y.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696982/; classtype:trojan-activity;sid:84560082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696983)"; flow:established,from_client; content:"GET"; http_method; content:"/f6drxigi05.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"a9p7m.3-f72v.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696983/; classtype:trojan-activity;sid:84560083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696981)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/v1/object/public/housewkk/clientphonupload.txt"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"vqfdkhdzsgauegpvqiem.supabase.co"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696981/; classtype:trojan-activity;sid:84560081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696980)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/v1/object/public/housewkk/clientrjupload(1).txt"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"vqfdkhdzsgauegpvqiem.supabase.co"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696980/; classtype:trojan-activity;sid:84560080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696979)"; flow:established,from_client; content:"GET"; http_method; content:"/3ric3h/server/refs/heads/main/image.jpg"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696979/; classtype:trojan-activity;sid:84560079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696978)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.51.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696978/; classtype:trojan-activity;sid:84560078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696977)"; flow:established,from_client; content:"GET"; http_method; content:"/4hxan3ssxm.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"l6q2.3-f72v.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696977/; classtype:trojan-activity;sid:84560077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696976)"; flow:established,from_client; content:"GET"; http_method; content:"/te.google|3f|t=c31i8any"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"t0.hb0-e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696976/; classtype:trojan-activity;sid:84560076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696975)"; flow:established,from_client; content:"GET"; http_method; content:"/p5jb49jz78.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"c5jqq.s64lr5ok.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696975/; classtype:trojan-activity;sid:84560075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696974)"; flow:established,from_client; content:"GET"; http_method; content:"/4yhhghmi"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"14.888-c.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696974/; classtype:trojan-activity;sid:84560074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696973)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.14.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696973/; classtype:trojan-activity;sid:84560073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696972)"; flow:established,from_client; content:"GET"; http_method; content:"/ou.google|3f|t=cols2d8u"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"tc.8b-1d.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696972/; classtype:trojan-activity;sid:84560072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696971)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.51.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696971/; classtype:trojan-activity;sid:84560071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696970)"; flow:established,from_client; content:"GET"; http_method; content:"/l1i1cag1og.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"j4z8m.x625v7.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696970/; classtype:trojan-activity;sid:84560070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696969)"; flow:established,from_client; content:"GET"; http_method; content:"/zk1egbbj7p.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"yx0n.s64lr5ok.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696969/; classtype:trojan-activity;sid:84560069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696968)"; flow:established,from_client; content:"GET"; http_method; content:"/noqfhps8"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"tc.8b-1d.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696968/; classtype:trojan-activity;sid:84560068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696967)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.28.170"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696967/; classtype:trojan-activity;sid:84560067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696966)"; flow:established,from_client; content:"GET"; http_method; content:"/q2vx4rqa82.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"j4z8m.x625v7.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696966/; classtype:trojan-activity;sid:84560066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696965)"; flow:established,from_client; content:"GET"; http_method; content:"/wku.google|3f|t=ew6qba1c"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"7r.95tbm.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696965/; classtype:trojan-activity;sid:84560065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696964)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.163.13.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696964/; classtype:trojan-activity;sid:84560064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696963)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.73.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696963/; classtype:trojan-activity;sid:84560063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696962)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.152.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696962/; classtype:trojan-activity;sid:84560062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696961)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.175.14.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696961/; classtype:trojan-activity;sid:84560061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696960)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.9.65"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696960/; classtype:trojan-activity;sid:84560060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696959)"; flow:established,from_client; content:"GET"; http_method; content:"/host/obfuscated%20(30).7z"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"147.124.222.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696959/; classtype:trojan-activity;sid:84560059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696958)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.4.248.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696958/; classtype:trojan-activity;sid:84560058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696956)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.28.170"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696956/; classtype:trojan-activity;sid:84560056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696957)"; flow:established,from_client; content:"GET"; http_method; content:"/view/drive-qxsq0z8v1hmi/screen|3f|fileid=60041034"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"sites.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696957/; classtype:trojan-activity;sid:84560057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696955)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.95.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696955/; classtype:trojan-activity;sid:84560055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696934)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.sparc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"164.92.201.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696934/; classtype:trojan-activity;sid:84560034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696935)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"164.92.201.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696935/; classtype:trojan-activity;sid:84560035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696936)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"164.92.201.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696936/; classtype:trojan-activity;sid:84560036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696937)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"164.92.201.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696937/; classtype:trojan-activity;sid:84560037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696938)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"164.92.201.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696938/; classtype:trojan-activity;sid:84560038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696939)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"164.92.201.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696939/; classtype:trojan-activity;sid:84560039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696940)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.arm4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"164.92.201.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696940/; classtype:trojan-activity;sid:84560040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696941)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"164.92.201.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696941/; classtype:trojan-activity;sid:84560041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696942)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.i468"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"194.87.245.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696942/; classtype:trojan-activity;sid:84560042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696943)"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.181.129.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696943/; classtype:trojan-activity;sid:84560043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696944)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"81.181.129.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696944/; classtype:trojan-activity;sid:84560044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696945)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"81.181.129.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696945/; classtype:trojan-activity;sid:84560045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696946)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.181.129.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696946/; classtype:trojan-activity;sid:84560046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696947)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.181.129.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696947/; classtype:trojan-activity;sid:84560047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696948)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.181.129.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696948/; classtype:trojan-activity;sid:84560048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696949)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"81.181.129.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696949/; classtype:trojan-activity;sid:84560049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696950)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"81.181.129.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696950/; classtype:trojan-activity;sid:84560050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696951)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.181.129.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696951/; classtype:trojan-activity;sid:84560051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696952)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.181.129.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696952/; classtype:trojan-activity;sid:84560052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696953)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.181.129.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696953/; classtype:trojan-activity;sid:84560053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696954)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"81.181.129.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696954/; classtype:trojan-activity;sid:84560054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696933)"; flow:established,from_client; content:"GET"; http_method; content:"/zdnqvtw8"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"mx.55-0p.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696933/; classtype:trojan-activity;sid:84560033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696932)"; flow:established,from_client; content:"GET"; http_method; content:"/pipa"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"bilkaso.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696932/; classtype:trojan-activity;sid:84560032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696930)"; flow:established,from_client; content:"GET"; http_method; content:"/2bby1buglr.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"zf42.s64lr5ok.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696930/; classtype:trojan-activity;sid:84560030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696931)"; flow:established,from_client; content:"GET"; http_method; content:"/rbcheat/taga/raw/refs/heads/main/um.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696931/; classtype:trojan-activity;sid:84560031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696929)"; flow:established,from_client; content:"GET"; http_method; content:"/host/sirrrrdeee.ps1"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"147.124.222.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696929/; classtype:trojan-activity;sid:84560029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696928)"; flow:established,from_client; content:"GET"; http_method; content:"/host/resoconto%20insoluti%20al%2031102025%20-%20attenzione%20iban.7z"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"147.124.222.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696928/; classtype:trojan-activity;sid:84560028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696927)"; flow:established,from_client; content:"GET"; http_method; content:"/xmuiibxmaw.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"s0h5.x625v7.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696927/; classtype:trojan-activity;sid:84560027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696926)"; flow:established,from_client; content:"GET"; http_method; content:"/4ab.check|3f|t=te1bepnr"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"2iz.d3-6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696926/; classtype:trojan-activity;sid:84560026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696925)"; flow:established,from_client; content:"GET"; http_method; content:"/rbcheat/xxxx/raw/refs/heads/main/xclient.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696925/; classtype:trojan-activity;sid:84560025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696924)"; flow:established,from_client; content:"GET"; http_method; content:"/rbcheat/kiljo/raw/refs/heads/main/umbral.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696924/; classtype:trojan-activity;sid:84560024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696923)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.115.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696923/; classtype:trojan-activity;sid:84560023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696919)"; flow:established,from_client; content:"GET"; http_method; content:"/rbcheat/svchost/raw/refs/heads/main/svchost.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696919/; classtype:trojan-activity;sid:84560019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696920)"; flow:established,from_client; content:"GET"; http_method; content:"/rbcheat/xeno/raw/refs/heads/main/xenoui.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696920/; classtype:trojan-activity;sid:84560020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696921)"; flow:established,from_client; content:"GET"; http_method; content:"/rbcheat/injector/raw/refs/heads/main/delta_executor_private.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696921/; classtype:trojan-activity;sid:84560021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696922)"; flow:established,from_client; content:"GET"; http_method; content:"/rbcheat/xdwd/raw/refs/heads/main/client.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696922/; classtype:trojan-activity;sid:84560022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696918)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5298241443/zulhcuh.bat"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696918/; classtype:trojan-activity;sid:84560018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696917)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.203.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696917/; classtype:trojan-activity;sid:84560017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696916)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.152.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696916/; classtype:trojan-activity;sid:84560016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696915)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.64.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696915/; classtype:trojan-activity;sid:84560015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696914)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.73.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696914/; classtype:trojan-activity;sid:84560014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696913)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.14.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696913/; classtype:trojan-activity;sid:84560013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696912)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.163.13.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696912/; classtype:trojan-activity;sid:84560012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696911)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.248.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696911/; classtype:trojan-activity;sid:84560011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696910)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.6.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696910/; classtype:trojan-activity;sid:84560010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696909)"; flow:established,from_client; content:"GET"; http_method; content:"/he2.check|3f|t=tqqqt255"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"vyc.z-x0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696909/; classtype:trojan-activity;sid:84560009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696908)"; flow:established,from_client; content:"GET"; http_method; content:"/hkxkjppvhv.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"a7r.s64lr5ok.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696908/; classtype:trojan-activity;sid:84560008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696906)"; flow:established,from_client; content:"GET"; http_method; content:"/cdyyi9tt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"vyc.z-x0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696906/; classtype:trojan-activity;sid:84560006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696907)"; flow:established,from_client; content:"GET"; http_method; content:"/u1hh2bs3zp.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"e7v1n.x625v7.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696907/; classtype:trojan-activity;sid:84560007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696904)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.89.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696904/; classtype:trojan-activity;sid:84560004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696905)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.48.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696905/; classtype:trojan-activity;sid:84560005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696902)"; flow:established,from_client; content:"GET"; http_method; content:"/dsj.check|3f|t=8jdlg4m7"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"5ha.n2vr.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696902/; classtype:trojan-activity;sid:84560002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696903)"; flow:established,from_client; content:"GET"; http_method; content:"/dl7rzsp87n.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"e7v1n.x625v7.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696903/; classtype:trojan-activity;sid:84560003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696901)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.122.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696901/; classtype:trojan-activity;sid:84560001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696900)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.10.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696900/; classtype:trojan-activity;sid:84560000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696899)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.227.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696899/; classtype:trojan-activity;sid:84559999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696898)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.248.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696898/; classtype:trojan-activity;sid:84559998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696897)"; flow:established,from_client; content:"GET"; http_method; content:"/ran5gxgqwr.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"m3t8p.s64lr5ok.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696897/; classtype:trojan-activity;sid:84559997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696896)"; flow:established,from_client; content:"GET"; http_method; content:"/p9r9bl9p"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"chu.dc-8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696896/; classtype:trojan-activity;sid:84559996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696895)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.195.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696895/; classtype:trojan-activity;sid:84559995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696894)"; flow:established,from_client; content:"GET"; http_method; content:"/mz8q073erd.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"p6m4q.x625v7.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696894/; classtype:trojan-activity;sid:84559994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696893)"; flow:established,from_client; content:"GET"; http_method; content:"/n7l.google|3f|t=gfkk4nn5"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"chu.dc-8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696893/; classtype:trojan-activity;sid:84559993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696892)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.21.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696892/; classtype:trojan-activity;sid:84559992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696891)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.122.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696891/; classtype:trojan-activity;sid:84559991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696890)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.48.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696890/; classtype:trojan-activity;sid:84559990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696889)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.34.109.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696889/; classtype:trojan-activity;sid:84559989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696888)"; flow:established,from_client; content:"GET"; http_method; content:"/cu6.check|3f|t=wl7wqmmh"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"xqs.8i-9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696888/; classtype:trojan-activity;sid:84559988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696887)"; flow:established,from_client; content:"GET"; http_method; content:"/22tx6w3812.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t2k8.x625v7.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696887/; classtype:trojan-activity;sid:84559987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696886)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.2.49"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696886/; classtype:trojan-activity;sid:84559986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696885)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.227.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696885/; classtype:trojan-activity;sid:84559985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696884)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.182.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696884/; classtype:trojan-activity;sid:84559984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696883)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.10.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696883/; classtype:trojan-activity;sid:84559983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696881)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.103.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696881/; classtype:trojan-activity;sid:84559981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696882)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.90.187.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696882/; classtype:trojan-activity;sid:84559982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696880)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.29.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696880/; classtype:trojan-activity;sid:84559980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696879)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.141.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696879/; classtype:trojan-activity;sid:84559979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696878)"; flow:established,from_client; content:"GET"; http_method; content:"/0qa.check|3f|t=7ci9x0tp"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"2zs.7-h9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696878/; classtype:trojan-activity;sid:84559978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696877)"; flow:established,from_client; content:"GET"; http_method; content:"/4apcd7a5ld.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"w9c3a.x625v7.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696877/; classtype:trojan-activity;sid:84559977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696876)"; flow:established,from_client; content:"GET"; http_method; content:"/vm1j0cv9"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"2zs.7-h9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696876/; classtype:trojan-activity;sid:84559976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696875)"; flow:established,from_client; content:"GET"; http_method; content:"/youxhl3w16.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"q1zd.s64lr5ok.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696875/; classtype:trojan-activity;sid:84559975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696874)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"221.7.129.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696874/; classtype:trojan-activity;sid:84559974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696873)"; flow:established,from_client; content:"GET"; http_method; content:"/j1zvk7df1v.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"q1zd.s64lr5ok.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696873/; classtype:trojan-activity;sid:84559973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696872)"; flow:established,from_client; content:"GET"; http_method; content:"/2j257aij"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"2z.wo-h3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696872/; classtype:trojan-activity;sid:84559972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696871)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.2.49"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696871/; classtype:trojan-activity;sid:84559971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696870)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.228.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696870/; classtype:trojan-activity;sid:84559970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696869)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.141.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696869/; classtype:trojan-activity;sid:84559969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696867)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.187.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696867/; classtype:trojan-activity;sid:84559967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696868)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.182.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696868/; classtype:trojan-activity;sid:84559968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696866)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.237.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696866/; classtype:trojan-activity;sid:84559966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696865)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.116.17.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696865/; classtype:trojan-activity;sid:84559965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696863)"; flow:established,from_client; content:"GET"; http_method; content:"/lqvgrhgz"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"4q.614lo.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696863/; classtype:trojan-activity;sid:84559963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696864)"; flow:established,from_client; content:"GET"; http_method; content:"/qor11ohklo.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"v9k.s64lr5ok.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696864/; classtype:trojan-activity;sid:84559964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696862)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.252.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696862/; classtype:trojan-activity;sid:84559962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696861)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.53.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696861/; classtype:trojan-activity;sid:84559961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696860)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.236.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696860/; classtype:trojan-activity;sid:84559960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696859)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.103.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696859/; classtype:trojan-activity;sid:84559959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696858)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.113.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696858/; classtype:trojan-activity;sid:84559958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696857)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.69.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696857/; classtype:trojan-activity;sid:84559957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696856)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.182.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696856/; classtype:trojan-activity;sid:84559956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696855)"; flow:established,from_client; content:"GET"; http_method; content:"/51zy4trnc5.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"z3.aaty4qdy.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696855/; classtype:trojan-activity;sid:84559955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696854)"; flow:established,from_client; content:"GET"; http_method; content:"/2ajg0c5i"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"88.oc57y.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696854/; classtype:trojan-activity;sid:84559954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696853)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.16.212"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696853/; classtype:trojan-activity;sid:84559953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696852)"; flow:established,from_client; content:"GET"; http_method; content:"/09icbk8v"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"40.hb0-e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696852/; classtype:trojan-activity;sid:84559952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696851)"; flow:established,from_client; content:"GET"; http_method; content:"/k2dro8pgkg.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"z3.aaty4qdy.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696851/; classtype:trojan-activity;sid:84559951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696850)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.121.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696850/; classtype:trojan-activity;sid:84559950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696849)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.116.17.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696849/; classtype:trojan-activity;sid:84559949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696848)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.252.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696848/; classtype:trojan-activity;sid:84559948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696847)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.53.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696847/; classtype:trojan-activity;sid:84559947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696846)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.232.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696846/; classtype:trojan-activity;sid:84559946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696843)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"193.233.161.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696843/; classtype:trojan-activity;sid:84559943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696844)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/i686"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.233.161.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696844/; classtype:trojan-activity;sid:84559944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696845)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.233.161.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696845/; classtype:trojan-activity;sid:84559945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696832)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/powerpc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"193.233.161.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696832/; classtype:trojan-activity;sid:84559932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696833)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"193.233.161.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696833/; classtype:trojan-activity;sid:84559933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696834)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bins.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"193.233.161.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696834/; classtype:trojan-activity;sid:84559934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696835)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.233.161.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696835/; classtype:trojan-activity;sid:84559935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696836)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.233.161.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696836/; classtype:trojan-activity;sid:84559936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696837)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.233.161.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696837/; classtype:trojan-activity;sid:84559937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696838)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.233.161.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696838/; classtype:trojan-activity;sid:84559938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696839)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.233.161.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696839/; classtype:trojan-activity;sid:84559939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696840)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/i586"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.233.161.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696840/; classtype:trojan-activity;sid:84559940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696841)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"193.233.161.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696841/; classtype:trojan-activity;sid:84559941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696842)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.233.161.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696842/; classtype:trojan-activity;sid:84559942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696831)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.149.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696831/; classtype:trojan-activity;sid:84559931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696830)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.184.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696830/; classtype:trojan-activity;sid:84559930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696829)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"milanocapitals.shop"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696829/; classtype:trojan-activity;sid:84559929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696828)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"milanocapitals.shop"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696828/; classtype:trojan-activity;sid:84559928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696825)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"jhfhfdkhdfdk32.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696825/; classtype:trojan-activity;sid:84559925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696826)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"jhfhfdkhdfdk32.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696826/; classtype:trojan-activity;sid:84559926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696827)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"milanocapitals.shop"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696827/; classtype:trojan-activity;sid:84559927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696818)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"194.87.245.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696818/; classtype:trojan-activity;sid:84559918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696819)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"194.87.245.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696819/; classtype:trojan-activity;sid:84559919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696820)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"194.87.245.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696820/; classtype:trojan-activity;sid:84559920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696821)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"jhfhfdkhdfdk32.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696821/; classtype:trojan-activity;sid:84559921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696822)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"jhfhfdkhdfdk32.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696822/; classtype:trojan-activity;sid:84559922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696823)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"194.87.245.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696823/; classtype:trojan-activity;sid:84559923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696824)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.spc"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"jhfhfdkhdfdk32.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696824/; classtype:trojan-activity;sid:84559924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696808)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"194.87.245.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696808/; classtype:trojan-activity;sid:84559908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696809)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"jhfhfdkhdfdk32.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696809/; classtype:trojan-activity;sid:84559909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696810)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"jhfhfdkhdfdk32.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696810/; classtype:trojan-activity;sid:84559910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696811)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"194.87.245.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696811/; classtype:trojan-activity;sid:84559911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696812)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/debug"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"jhfhfdkhdfdk32.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696812/; classtype:trojan-activity;sid:84559912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696813)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"81.181.129.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696813/; classtype:trojan-activity;sid:84559913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696814)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.181.129.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696814/; classtype:trojan-activity;sid:84559914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696815)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"jhfhfdkhdfdk32.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696815/; classtype:trojan-activity;sid:84559915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696816)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"jhfhfdkhdfdk32.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696816/; classtype:trojan-activity;sid:84559916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696817)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"jhfhfdkhdfdk32.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696817/; classtype:trojan-activity;sid:84559917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696807)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"milanocapitals.shop"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696807/; classtype:trojan-activity;sid:84559907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696797)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"194.87.245.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696797/; classtype:trojan-activity;sid:84559897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696798)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"81.181.129.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696798/; classtype:trojan-activity;sid:84559898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696799)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"81.181.129.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696799/; classtype:trojan-activity;sid:84559899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696800)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"jhfhfdkhdfdk32.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696800/; classtype:trojan-activity;sid:84559900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696801)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"etsputs.milanocapitals.shop"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696801/; classtype:trojan-activity;sid:84559901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696802)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"jhfhfdkhdfdk32.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696802/; classtype:trojan-activity;sid:84559902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696803)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"jhfhfdkhdfdk32.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696803/; classtype:trojan-activity;sid:84559903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696804)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"etsputs.milanocapitals.shop"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696804/; classtype:trojan-activity;sid:84559904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696805)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"jhfhfdkhdfdk32.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696805/; classtype:trojan-activity;sid:84559905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696806)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"jhfhfdkhdfdk32.duckdns.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696806/; classtype:trojan-activity;sid:84559906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696796)"; flow:established,from_client; content:"GET"; http_method; content:"/j31wpxpmpd.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"qm8.aaty4qdy.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696796/; classtype:trojan-activity;sid:84559896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696786)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.248.198.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696786/; classtype:trojan-activity;sid:84559886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696787)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"194.87.245.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696787/; classtype:trojan-activity;sid:84559887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696788)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/debug"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"194.87.245.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696788/; classtype:trojan-activity;sid:84559888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696789)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"194.87.245.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696789/; classtype:trojan-activity;sid:84559889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696790)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"194.87.245.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696790/; classtype:trojan-activity;sid:84559890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696791)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"194.87.245.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696791/; classtype:trojan-activity;sid:84559891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696792)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"194.87.245.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696792/; classtype:trojan-activity;sid:84559892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696793)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"194.87.245.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696793/; classtype:trojan-activity;sid:84559893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696794)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"194.87.245.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696794/; classtype:trojan-activity;sid:84559894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696795)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"194.87.245.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696795/; classtype:trojan-activity;sid:84559895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696776)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"81.181.129.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696776/; classtype:trojan-activity;sid:84559876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696777)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"81.181.129.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696777/; classtype:trojan-activity;sid:84559877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696778)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"81.181.129.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696778/; classtype:trojan-activity;sid:84559878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696779)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"81.181.129.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696779/; classtype:trojan-activity;sid:84559879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696780)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.181.129.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696780/; classtype:trojan-activity;sid:84559880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696781)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.181.129.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696781/; classtype:trojan-activity;sid:84559881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696782)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.181.129.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696782/; classtype:trojan-activity;sid:84559882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696783)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.181.129.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696783/; classtype:trojan-activity;sid:84559883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696784)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.181.129.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696784/; classtype:trojan-activity;sid:84559884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696785)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.116.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696785/; classtype:trojan-activity;sid:84559885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696775)"; flow:established,from_client; content:"GET"; http_method; content:"/yqn57u1g"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5j.8b-1d.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696775/; classtype:trojan-activity;sid:84559875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696774)"; flow:established,from_client; content:"GET"; http_method; content:"/i6x84l7lwv.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1x.aaty4qdy.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696774/; classtype:trojan-activity;sid:84559874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696773)"; flow:established,from_client; content:"GET"; http_method; content:"/a21qyava"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"3d.888-c.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696773/; classtype:trojan-activity;sid:84559873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696770)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"milanocapitals.shop"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696770/; classtype:trojan-activity;sid:84559870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696771)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"milanocapitals.shop"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696771/; classtype:trojan-activity;sid:84559871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696772)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"milanocapitals.shop"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696772/; classtype:trojan-activity;sid:84559872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696768)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"etsputs.milanocapitals.shop"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696768/; classtype:trojan-activity;sid:84559868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696769)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"etsputs.milanocapitals.shop"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696769/; classtype:trojan-activity;sid:84559869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696766)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"etsputs.milanocapitals.shop"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696766/; classtype:trojan-activity;sid:84559866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696767)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"milanocapitals.shop"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696767/; classtype:trojan-activity;sid:84559867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696755)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"etsputs.milanocapitals.shop"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696755/; classtype:trojan-activity;sid:84559855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696756)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"etsputs.milanocapitals.shop"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696756/; classtype:trojan-activity;sid:84559856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696757)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"etsputs.milanocapitals.shop"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696757/; classtype:trojan-activity;sid:84559857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696758)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"etsputs.milanocapitals.shop"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696758/; classtype:trojan-activity;sid:84559858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696759)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"milanocapitals.shop"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696759/; classtype:trojan-activity;sid:84559859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696760)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"milanocapitals.shop"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696760/; classtype:trojan-activity;sid:84559860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696761)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"milanocapitals.shop"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696761/; classtype:trojan-activity;sid:84559861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696762)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"milanocapitals.shop"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696762/; classtype:trojan-activity;sid:84559862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696763)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"milanocapitals.shop"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696763/; classtype:trojan-activity;sid:84559863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696764)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"milanocapitals.shop"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696764/; classtype:trojan-activity;sid:84559864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696765)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"milanocapitals.shop"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696765/; classtype:trojan-activity;sid:84559865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696750)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"etsputs.milanocapitals.shop"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696750/; classtype:trojan-activity;sid:84559850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696751)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.56.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696751/; classtype:trojan-activity;sid:84559851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696752)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"etsputs.milanocapitals.shop"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696752/; classtype:trojan-activity;sid:84559852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696753)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"etsputs.milanocapitals.shop"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696753/; classtype:trojan-activity;sid:84559853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696754)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"etsputs.milanocapitals.shop"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696754/; classtype:trojan-activity;sid:84559854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696749)"; flow:established,from_client; content:"GET"; http_method; content:"/0krhsmjnxy.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u1x.aaty4qdy.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696749/; classtype:trojan-activity;sid:84559849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696748)"; flow:established,from_client; content:"GET"; http_method; content:"/ipggaa2c"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"dp.95tbm.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696748/; classtype:trojan-activity;sid:84559848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696747)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.232.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696747/; classtype:trojan-activity;sid:84559847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696746)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.80.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696746/; classtype:trojan-activity;sid:84559846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696745)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.29.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696745/; classtype:trojan-activity;sid:84559845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696742)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xmrig.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"154.12.95.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696742/; classtype:trojan-activity;sid:84559842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696743)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xmrig.armv7"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"154.12.95.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696743/; classtype:trojan-activity;sid:84559843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696744)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xmrig.arm64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"154.12.95.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696744/; classtype:trojan-activity;sid:84559844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696741)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xmrig.x86_64"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"154.12.95.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696741/; classtype:trojan-activity;sid:84559841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696736)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mddos.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"154.12.95.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696736/; classtype:trojan-activity;sid:84559836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696737)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mddos.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"154.12.95.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696737/; classtype:trojan-activity;sid:84559837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696738)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mddos.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"154.12.95.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696738/; classtype:trojan-activity;sid:84559838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696739)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mddos.arm64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"154.12.95.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696739/; classtype:trojan-activity;sid:84559839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696740)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mddos.x86_64"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"154.12.95.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696740/; classtype:trojan-activity;sid:84559840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696734)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.184.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696734/; classtype:trojan-activity;sid:84559834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696735)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mddos.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"154.12.95.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696735/; classtype:trojan-activity;sid:84559835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696733)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xmrig.arm64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"tyuy.xyz"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696733/; classtype:trojan-activity;sid:84559833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696731)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xmrig.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"tyuy.xyz"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696731/; classtype:trojan-activity;sid:84559831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696732)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xmrig.armv7"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"tyuy.xyz"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696732/; classtype:trojan-activity;sid:84559832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696725)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mddos.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"tyuy.xyz"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696725/; classtype:trojan-activity;sid:84559825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696726)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mddos.arm64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"tyuy.xyz"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696726/; classtype:trojan-activity;sid:84559826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696727)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mddos.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"tyuy.xyz"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696727/; classtype:trojan-activity;sid:84559827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696728)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mddos.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"tyuy.xyz"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696728/; classtype:trojan-activity;sid:84559828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696729)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mddos.x86_64"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"tyuy.xyz"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696729/; classtype:trojan-activity;sid:84559829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696730)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mddos.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"tyuy.xyz"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696730/; classtype:trojan-activity;sid:84559830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696724)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xmrig.x86_64"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"tyuy.xyz"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696724/; classtype:trojan-activity;sid:84559824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696723)"; flow:established,from_client; content:"GET"; http_method; content:"/g5e1vmv4tb.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"h4.aaty4qdy.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696723/; classtype:trojan-activity;sid:84559823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696722)"; flow:established,from_client; content:"GET"; http_method; content:"/houzqdxm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"oos.d3-6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696722/; classtype:trojan-activity;sid:84559822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696721)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.34.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696721/; classtype:trojan-activity;sid:84559821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696720)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bins.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"hxipzknrsojnitzv.zip"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696720/; classtype:trojan-activity;sid:84559820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696719)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bins.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.133.119.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696719/; classtype:trojan-activity;sid:84559819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696717)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/test.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.133.119.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696717/; classtype:trojan-activity;sid:84559817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696718)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/test.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"hxipzknrsojnitzv.zip"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696718/; classtype:trojan-activity;sid:84559818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696715)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.arm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"hxipzknrsojnitzv.zip"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696715/; classtype:trojan-activity;sid:84559815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696716)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"hxipzknrsojnitzv.zip"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696716/; classtype:trojan-activity;sid:84559816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696714)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.133.119.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696714/; classtype:trojan-activity;sid:84559814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696711)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.133.119.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696711/; classtype:trojan-activity;sid:84559811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696712)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"hxipzknrsojnitzv.zip"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696712/; classtype:trojan-activity;sid:84559812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696713)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.133.119.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696713/; classtype:trojan-activity;sid:84559813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696702)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"hxipzknrsojnitzv.zip"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696702/; classtype:trojan-activity;sid:84559802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696703)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.gnueabihf"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"hxipzknrsojnitzv.zip"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696703/; classtype:trojan-activity;sid:84559803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696704)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.armv7a"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hxipzknrsojnitzv.zip"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696704/; classtype:trojan-activity;sid:84559804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696705)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.armv7a"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"hxipzknrsojnitzv.zip"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696705/; classtype:trojan-activity;sid:84559805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696706)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"hxipzknrsojnitzv.zip"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696706/; classtype:trojan-activity;sid:84559806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696707)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.mips"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hxipzknrsojnitzv.zip"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696707/; classtype:trojan-activity;sid:84559807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696708)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"hxipzknrsojnitzv.zip"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696708/; classtype:trojan-activity;sid:84559808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696709)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"hxipzknrsojnitzv.zip"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696709/; classtype:trojan-activity;sid:84559809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696710)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.x86"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"hxipzknrsojnitzv.zip"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696710/; classtype:trojan-activity;sid:84559810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696699)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.arm5n"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"hxipzknrsojnitzv.zip"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696699/; classtype:trojan-activity;sid:84559799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696700)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.arm5n"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"hxipzknrsojnitzv.zip"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696700/; classtype:trojan-activity;sid:84559800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696701)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.ppc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"hxipzknrsojnitzv.zip"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696701/; classtype:trojan-activity;sid:84559801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696694)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"hxipzknrsojnitzv.zip"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696694/; classtype:trojan-activity;sid:84559794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696695)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.mpsl"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hxipzknrsojnitzv.zip"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696695/; classtype:trojan-activity;sid:84559795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696696)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.arm7"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hxipzknrsojnitzv.zip"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696696/; classtype:trojan-activity;sid:84559796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696697)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.m68k"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"hxipzknrsojnitzv.zip"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696697/; classtype:trojan-activity;sid:84559797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696698)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"hxipzknrsojnitzv.zip"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696698/; classtype:trojan-activity;sid:84559798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696691)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"hxipzknrsojnitzv.zip"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696691/; classtype:trojan-activity;sid:84559791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696692)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"hxipzknrsojnitzv.zip"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696692/; classtype:trojan-activity;sid:84559792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696693)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"hxipzknrsojnitzv.zip"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696693/; classtype:trojan-activity;sid:84559793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696690)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.133.119.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696690/; classtype:trojan-activity;sid:84559790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696689)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.81.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696689/; classtype:trojan-activity;sid:84559789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696670)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.arm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.133.119.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696670/; classtype:trojan-activity;sid:84559770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696671)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.mpsl"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.133.119.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696671/; classtype:trojan-activity;sid:84559771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696672)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.ppc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.133.119.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696672/; classtype:trojan-activity;sid:84559772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696673)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.x86"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.133.119.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696673/; classtype:trojan-activity;sid:84559773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696674)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.133.119.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696674/; classtype:trojan-activity;sid:84559774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696675)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.arm5n"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.133.119.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696675/; classtype:trojan-activity;sid:84559775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696676)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.133.119.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696676/; classtype:trojan-activity;sid:84559776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696677)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.133.119.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696677/; classtype:trojan-activity;sid:84559777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696678)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.armv7a"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.133.119.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696678/; classtype:trojan-activity;sid:84559778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696679)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.armv7a"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.133.119.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696679/; classtype:trojan-activity;sid:84559779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696680)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.m68k"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.133.119.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696680/; classtype:trojan-activity;sid:84559780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696681)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.133.119.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696681/; classtype:trojan-activity;sid:84559781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696682)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.133.119.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696682/; classtype:trojan-activity;sid:84559782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696683)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.arm5n"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.133.119.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696683/; classtype:trojan-activity;sid:84559783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696684)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.arm7"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.133.119.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696684/; classtype:trojan-activity;sid:84559784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696685)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.mips"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.133.119.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696685/; classtype:trojan-activity;sid:84559785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696686)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/miraint.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.133.119.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696686/; classtype:trojan-activity;sid:84559786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696687)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.gnueabihf"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"45.133.119.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696687/; classtype:trojan-activity;sid:84559787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696688)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.133.119.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696688/; classtype:trojan-activity;sid:84559788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696669)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.208.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696669/; classtype:trojan-activity;sid:84559769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696668)"; flow:established,from_client; content:"GET"; http_method; content:"/uawjfujz"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"rg7.5b-c.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696668/; classtype:trojan-activity;sid:84559768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696667)"; flow:established,from_client; content:"GET"; http_method; content:"/8wapx9cf8s.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"aa9.o4-lq-8.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696667/; classtype:trojan-activity;sid:84559767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696666)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.56.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696666/; classtype:trojan-activity;sid:84559766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696665)"; flow:established,from_client; content:"GET"; http_method; content:"/allz6khg9y.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"aa9.o4-lq-8.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696665/; classtype:trojan-activity;sid:84559765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696664)"; flow:established,from_client; content:"GET"; http_method; content:"/2hs9xiqk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"415.z-x0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696664/; classtype:trojan-activity;sid:84559764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696663)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.61.51.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696663/; classtype:trojan-activity;sid:84559763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696662)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.65.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696662/; classtype:trojan-activity;sid:84559762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696661)"; flow:established,from_client; content:"GET"; http_method; content:"/powershell.ps1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"192.227.152.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696661/; classtype:trojan-activity;sid:84559761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696660)"; flow:established,from_client; content:"GET"; http_method; content:"/415xkwje"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5fw.24s6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696660/; classtype:trojan-activity;sid:84559760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696659)"; flow:established,from_client; content:"GET"; http_method; content:"/6abqcf17jo.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"wq0.o4-lq-8.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696659/; classtype:trojan-activity;sid:84559759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696658)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.81.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696658/; classtype:trojan-activity;sid:84559758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696652)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnloongarch64xnxn"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"ptptonuwu.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696652/; classtype:trojan-activity;sid:84559752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696653)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnsh4xnxn"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"ptptonuwu.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696653/; classtype:trojan-activity;sid:84559753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696654)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnsh2xnxn"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"ptptonuwu.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696654/; classtype:trojan-activity;sid:84559754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696655)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnor1kxnxn"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"ptptonuwu.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696655/; classtype:trojan-activity;sid:84559755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696656)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnriscv32xnxn"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"ptptonuwu.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696656/; classtype:trojan-activity;sid:84559756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696657)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnriscv64xnxn"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"ptptonuwu.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696657/; classtype:trojan-activity;sid:84559757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696651)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnpowerpcxnxn"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"ptptonuwu.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696651/; classtype:trojan-activity;sid:84559751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696650)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnmicroblazexnxn"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"ptptonuwu.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696650/; classtype:trojan-activity;sid:84559750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696646)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnaarch64xnxn"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"ptptonuwu.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696646/; classtype:trojan-activity;sid:84559746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696647)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxni386xnxn"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"ptptonuwu.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696647/; classtype:trojan-activity;sid:84559747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696648)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnm68kxnxn"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"ptptonuwu.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696648/; classtype:trojan-activity;sid:84559748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696649)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnmipsxnxn"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"ptptonuwu.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696649/; classtype:trojan-activity;sid:84559749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696645)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnx86_64xnxn"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"ptptonuwu.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696645/; classtype:trojan-activity;sid:84559745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696644)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5298241443/zulhcuh.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696644/; classtype:trojan-activity;sid:84559744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696643)"; flow:established,from_client; content:"GET"; http_method; content:"/ci9fms4mvo.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"h2p1.k5gc56.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696643/; classtype:trojan-activity;sid:84559743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696642)"; flow:established,from_client; content:"GET"; http_method; content:"/lmn.check|3f|t=noh55rcw"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"3dw.n2vr.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696642/; classtype:trojan-activity;sid:84559742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696641)"; flow:established,from_client; content:"GET"; http_method; content:"/files/smm_traff/random.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696641/; classtype:trojan-activity;sid:84559741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696640)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.34.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696640/; classtype:trojan-activity;sid:84559740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696639)"; flow:established,from_client; content:"GET"; http_method; content:"/x.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"172.245.27.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696639/; classtype:trojan-activity;sid:84559739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696638)"; flow:established,from_client; content:"GET"; http_method; content:"/xtest.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"172.245.27.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696638/; classtype:trojan-activity;sid:84559738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696637)"; flow:established,from_client; content:"GET"; http_method; content:"/xeno.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"172.245.27.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696637/; classtype:trojan-activity;sid:84559737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696636)"; flow:established,from_client; content:"GET"; http_method; content:"/0iwra2eck4.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"h2p1.k5gc56.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696636/; classtype:trojan-activity;sid:84559736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696635)"; flow:established,from_client; content:"GET"; http_method; content:"/lko.google|3f|t=a56w95vm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"npl.dc-8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696635/; classtype:trojan-activity;sid:84559735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696634)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.198.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696634/; classtype:trojan-activity;sid:84559734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696633)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.163.146.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696633/; classtype:trojan-activity;sid:84559733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696632)"; flow:established,from_client; content:"GET"; http_method; content:"/apps.bin"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"68546543.tarotbag.digital"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696632/; classtype:trojan-activity;sid:84559732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696631)"; flow:established,from_client; content:"GET"; http_method; content:"/client-built.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"213.142.159.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696631/; classtype:trojan-activity;sid:84559731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696630)"; flow:established,from_client; content:"GET"; http_method; content:"/hfvrc2vovd.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"c7z.o4-lq-8.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696630/; classtype:trojan-activity;sid:84559730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696629)"; flow:established,from_client; content:"GET"; http_method; content:"/3guv1po9"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"c8n.8i-9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696629/; classtype:trojan-activity;sid:84559729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696627)"; flow:established,from_client; content:"GET"; http_method; content:"/3m.check|3f|t=mzi19f1a"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"c8n.8i-9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696627/; classtype:trojan-activity;sid:84559727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696628)"; flow:established,from_client; content:"GET"; http_method; content:"/j9yaa93ugd.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"3xk.k5gc56.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696628/; classtype:trojan-activity;sid:84559728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696626)"; flow:established,from_client; content:"GET"; http_method; content:"/andre.vbs"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"31agostomax3.dynuddns.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696626/; classtype:trojan-activity;sid:84559726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696625)"; flow:established,from_client; content:"GET"; http_method; content:"/31agosto.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"31agostomax3.dynuddns.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696625/; classtype:trojan-activity;sid:84559725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696624)"; flow:established,from_client; content:"GET"; http_method; content:"/sostener.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"31agostomax3.dynuddns.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696624/; classtype:trojan-activity;sid:84559724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696623)"; flow:established,from_client; content:"GET"; http_method; content:"/dllchichi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"31agostomax3.dynuddns.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696623/; classtype:trojan-activity;sid:84559723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696622)"; flow:established,from_client; content:"GET"; http_method; content:"/pchichi.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"31agostomax3.dynuddns.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696622/; classtype:trojan-activity;sid:84559722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696621)"; flow:established,from_client; content:"GET"; http_method; content:"/sc.check|3f|t=fqqs4uiw"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"v1i.z2q2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696621/; classtype:trojan-activity;sid:84559721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696620)"; flow:established,from_client; content:"GET"; http_method; content:"/iu5yfvovof.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"qa9.k5gc56.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696620/; classtype:trojan-activity;sid:84559720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696619)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.19.220.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696619/; classtype:trojan-activity;sid:84559719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696618)"; flow:established,from_client; content:"GET"; http_method; content:"/l/msteams.msi"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"cwwgg-p5wdxtar.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696618/; classtype:trojan-activity;sid:84559718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696617)"; flow:established,from_client; content:"GET"; http_method; content:"/l/msteams.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"cwwgg-p5wdxtar.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696617/; classtype:trojan-activity;sid:84559717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696616)"; flow:established,from_client; content:"GET"; http_method; content:"/pyank/pyan.wsf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"significant-adopted-bearing-own.trycloudflare.com"; http_host; depth:49; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696616/; classtype:trojan-activity;sid:84559716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696614)"; flow:established,from_client; content:"GET"; http_method; content:"/qfb1wsf/tyma.wsf"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"scratch-orbit-method-unlikely.trycloudflare.com"; http_host; depth:47; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696614/; classtype:trojan-activity;sid:84559714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696615)"; flow:established,from_client; content:"GET"; http_method; content:"/qfb2wsf/4/5/6/kola.wsf"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"scratch-orbit-method-unlikely.trycloudflare.com"; http_host; depth:47; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696615/; classtype:trojan-activity;sid:84559715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696613)"; flow:established,from_client; content:"GET"; http_method; content:"/qfb1wsf/1/2/3/tyma.wsf"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"scratch-orbit-method-unlikely.trycloudflare.com"; http_host; depth:47; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696613/; classtype:trojan-activity;sid:84559713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696612)"; flow:established,from_client; content:"GET"; http_method; content:"/qfb3wsf/7/8/9/uju.wsf"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"scratch-orbit-method-unlikely.trycloudflare.com"; http_host; depth:47; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696612/; classtype:trojan-activity;sid:84559712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696611)"; flow:established,from_client; content:"GET"; http_method; content:"/w1pp/r503749j637r01.pdf.lnk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"scratch-orbit-method-unlikely.trycloudflare.com"; http_host; depth:47; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696611/; classtype:trojan-activity;sid:84559711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696610)"; flow:established,from_client; content:"GET"; http_method; content:"/rup/re-5704937421.pdf.lnk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"scratch-orbit-method-unlikely.trycloudflare.com"; http_host; depth:47; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696610/; classtype:trojan-activity;sid:84559710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696609)"; flow:established,from_client; content:"GET"; http_method; content:"/wya/r537js829031.pdf.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"scratch-orbit-method-unlikely.trycloudflare.com"; http_host; depth:47; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696609/; classtype:trojan-activity;sid:84559709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696608)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.37.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696608/; classtype:trojan-activity;sid:84559708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696607)"; flow:established,from_client; content:"GET"; http_method; content:"/pbg2vayc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"b9w.7-h9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696607/; classtype:trojan-activity;sid:84559707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696606)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.216.227.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696606/; classtype:trojan-activity;sid:84559706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696605)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.226.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696605/; classtype:trojan-activity;sid:84559705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696604)"; flow:established,from_client; content:"GET"; http_method; content:"/0c.google|3f|t=c7c1j2ma"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"b9w.7-h9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696604/; classtype:trojan-activity;sid:84559704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696603)"; flow:established,from_client; content:"GET"; http_method; content:"/oi876khsli.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"qa9.k5gc56.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696603/; classtype:trojan-activity;sid:84559703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696602)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.163.146.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696602/; classtype:trojan-activity;sid:84559702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696601)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6608710704/hcbsxxl.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696601/; classtype:trojan-activity;sid:84559701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696600)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/video.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"151.16.81.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696600/; classtype:trojan-activity;sid:84559700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696599)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.132.182.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696599/; classtype:trojan-activity;sid:84559699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696597)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/photo.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"151.16.81.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696597/; classtype:trojan-activity;sid:84559697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696598)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/massimo/av.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"151.16.81.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696598/; classtype:trojan-activity;sid:84559698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696596)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/av.lnk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"151.16.81.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696596/; classtype:trojan-activity;sid:84559696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696595)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/massimo/video.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"151.16.81.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696595/; classtype:trojan-activity;sid:84559695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696594)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/video.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"151.16.81.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696594/; classtype:trojan-activity;sid:84559694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696590)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/av.scr"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"151.16.81.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696590/; classtype:trojan-activity;sid:84559690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696591)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/massimo/photo.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"151.16.81.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696591/; classtype:trojan-activity;sid:84559691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696592)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/photo.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"151.16.81.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696592/; classtype:trojan-activity;sid:84559692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696593)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/massimo/av.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"151.16.81.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696593/; classtype:trojan-activity;sid:84559693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696588)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/massimo/video.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"151.16.81.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696588/; classtype:trojan-activity;sid:84559688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696589)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/massimo/photo.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"151.16.81.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696589/; classtype:trojan-activity;sid:84559689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696587)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.22.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696587/; classtype:trojan-activity;sid:84559687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696586)"; flow:established,from_client; content:"GET"; http_method; content:"/z53ai62ysq.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"zv04.k5gc56.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696586/; classtype:trojan-activity;sid:84559686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696585)"; flow:established,from_client; content:"GET"; http_method; content:"/7x.google|3f|t=vf47ylic"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"z7.wo-h3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696585/; classtype:trojan-activity;sid:84559685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696584)"; flow:established,from_client; content:"GET"; http_method; content:"/ozpzgdq31s.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"n2.o4-lq-8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696584/; classtype:trojan-activity;sid:84559684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696583)"; flow:established,from_client; content:"GET"; http_method; content:"/gqheao0y"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"z7.wo-h3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696583/; classtype:trojan-activity;sid:84559683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696582)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.104.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696582/; classtype:trojan-activity;sid:84559682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696580)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.150.93.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696580/; classtype:trojan-activity;sid:84559680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696581)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.50.176"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696581/; classtype:trojan-activity;sid:84559681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696574)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.153.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696574/; classtype:trojan-activity;sid:84559674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696575)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"75.180.21.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696575/; classtype:trojan-activity;sid:84559675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696576)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.13.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696576/; classtype:trojan-activity;sid:84559676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696577)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.43.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696577/; classtype:trojan-activity;sid:84559677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696578)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.205.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696578/; classtype:trojan-activity;sid:84559678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696579)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.113.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696579/; classtype:trojan-activity;sid:84559679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696573)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.19.220.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696573/; classtype:trojan-activity;sid:84559673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696572)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.69.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696572/; classtype:trojan-activity;sid:84559672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696570)"; flow:established,from_client; content:"GET"; http_method; content:"/chromeupdate.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"38.38.251.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696570/; classtype:trojan-activity;sid:84559670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696569)"; flow:established,from_client; content:"GET"; http_method; content:"/rabtxaayt5.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"zv04.k5gc56.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696569/; classtype:trojan-activity;sid:84559669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696568)"; flow:established,from_client; content:"GET"; http_method; content:"/tma.google|3f|t=see83ioy"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"w9.03e3x.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696568/; classtype:trojan-activity;sid:84559668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696567)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.216.227.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696567/; classtype:trojan-activity;sid:84559667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696566)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.142.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696566/; classtype:trojan-activity;sid:84559666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696565)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.12.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696565/; classtype:trojan-activity;sid:84559665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696564)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.90.244"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696564/; classtype:trojan-activity;sid:84559664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696563)"; flow:established,from_client; content:"GET"; http_method; content:"/rcybrkep5w.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"t1m.k5gc56.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696563/; classtype:trojan-activity;sid:84559663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696562)"; flow:established,from_client; content:"GET"; http_method; content:"/y7.check|3f|t=mox00hpb"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"8q.614lo.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696562/; classtype:trojan-activity;sid:84559662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696560)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.152.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696560/; classtype:trojan-activity;sid:84559660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696561)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.132.182.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696561/; classtype:trojan-activity;sid:84559661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696559)"; flow:established,from_client; content:"GET"; http_method; content:"/81bbx7xgo8.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"t1m.k5gc56.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696559/; classtype:trojan-activity;sid:84559659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696558)"; flow:established,from_client; content:"GET"; http_method; content:"/9jw.google|3f|t=omolbqv3"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"2j.w8i0h.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696558/; classtype:trojan-activity;sid:84559658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696557)"; flow:established,from_client; content:"GET"; http_method; content:"/ot02kl0zck.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"t1w.p-72h.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696557/; classtype:trojan-activity;sid:84559657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696556)"; flow:established,from_client; content:"GET"; http_method; content:"/ud51y88n"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"2j.w8i0h.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696556/; classtype:trojan-activity;sid:84559656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696555)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.104.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696555/; classtype:trojan-activity;sid:84559655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696554)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.22.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696554/; classtype:trojan-activity;sid:84559654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696553)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.12.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696553/; classtype:trojan-activity;sid:84559653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696552)"; flow:established,from_client; content:"GET"; http_method; content:"/unbv41hupd.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"g8.k5gc56.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696552/; classtype:trojan-activity;sid:84559652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696550)"; flow:established,from_client; content:"GET"; http_method; content:"/zouwe66v"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"hc.oc57y.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696550/; classtype:trojan-activity;sid:84559650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696551)"; flow:established,from_client; content:"GET"; http_method; content:"/838hs5pqcf.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"m.p-72h.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696551/; classtype:trojan-activity;sid:84559651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696549)"; flow:established,from_client; content:"GET"; http_method; content:"/aqw.check|3f|t=dx2zfath"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"hc.oc57y.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696549/; classtype:trojan-activity;sid:84559649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696548)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.42.32"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696548/; classtype:trojan-activity;sid:84559648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696547)"; flow:established,from_client; content:"GET"; http_method; content:"/e575ydadwq.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"m.p-72h.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696547/; classtype:trojan-activity;sid:84559647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696546)"; flow:established,from_client; content:"GET"; http_method; content:"/wwa8u1xl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"fo.hb0-e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696546/; classtype:trojan-activity;sid:84559646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696545)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.16.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696545/; classtype:trojan-activity;sid:84559645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696544)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.136.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696544/; classtype:trojan-activity;sid:84559644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696543)"; flow:established,from_client; content:"GET"; http_method; content:"/lh.check|3f|t=vugr5idy"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"7b.888-c.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696543/; classtype:trojan-activity;sid:84559643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696542)"; flow:established,from_client; content:"GET"; http_method; content:"/e71dbugj68.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"zq9.p-72h.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696542/; classtype:trojan-activity;sid:84559642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696541)"; flow:established,from_client; content:"GET"; http_method; content:"/odvghvv8"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"7b.888-c.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696541/; classtype:trojan-activity;sid:84559641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696540)"; flow:established,from_client; content:"GET"; http_method; content:"/imcuming.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"94.154.35.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696540/; classtype:trojan-activity;sid:84559640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696539)"; flow:established,from_client; content:"GET"; http_method; content:"/rg841jyz22.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"w6.dae017f.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696539/; classtype:trojan-activity;sid:84559639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696538)"; flow:established,from_client; content:"GET"; http_method; content:"/9to.check|3f|t=bjih5dh5"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"s9.8b-1d.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696538/; classtype:trojan-activity;sid:84559638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696537)"; flow:established,from_client; content:"GET"; http_method; content:"/nvd"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"23.27.140.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696537/; classtype:trojan-activity;sid:84559637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696536)"; flow:established,from_client; content:"GET"; http_method; content:"/urrnj8af44.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"k3.p-72h.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696536/; classtype:trojan-activity;sid:84559636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696535)"; flow:established,from_client; content:"GET"; http_method; content:"/7sg2is7j"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"s9.8b-1d.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696535/; classtype:trojan-activity;sid:84559635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696534)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696534/; classtype:trojan-activity;sid:84559634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696533)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696533/; classtype:trojan-activity;sid:84559633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696531)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696531/; classtype:trojan-activity;sid:84559631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696532)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696532/; classtype:trojan-activity;sid:84559632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696529)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696529/; classtype:trojan-activity;sid:84559629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696530)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696530/; classtype:trojan-activity;sid:84559630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696528)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696528/; classtype:trojan-activity;sid:84559628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696526)"; flow:established,from_client; content:"GET"; http_method; content:"/oyc.google|3f|t=8386bce6"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"p3.95tbm.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696526/; classtype:trojan-activity;sid:84559626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696527)"; flow:established,from_client; content:"GET"; http_method; content:"/pu6s4iql0q.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"r0t2.dae017f.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696527/; classtype:trojan-activity;sid:84559627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696525)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.16.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696525/; classtype:trojan-activity;sid:84559625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696523)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"164.92.201.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696523/; classtype:trojan-activity;sid:84559623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696524)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"164.92.201.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696524/; classtype:trojan-activity;sid:84559624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696522)"; flow:established,from_client; content:"GET"; http_method; content:"/ootkbw100t.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"r0t2.dae017f.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696522/; classtype:trojan-activity;sid:84559622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696521)"; flow:established,from_client; content:"GET"; http_method; content:"/f5.check|3f|t=ro976srf"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"i8.55-0p.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696521/; classtype:trojan-activity;sid:84559621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696520)"; flow:established,from_client; content:"GET"; http_method; content:"/d0ucyv5s"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"i8.55-0p.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696520/; classtype:trojan-activity;sid:84559620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696519)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.172.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696519/; classtype:trojan-activity;sid:84559619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696518)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.88.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696518/; classtype:trojan-activity;sid:84559618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696517)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.196.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696517/; classtype:trojan-activity;sid:84559617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696516)"; flow:established,from_client; content:"GET"; http_method; content:"/ciu73x327w.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"d5.a-4n66k4.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696516/; classtype:trojan-activity;sid:84559616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696515)"; flow:established,from_client; content:"GET"; http_method; content:"/09p2gswx"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"dnb.5b-c.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696515/; classtype:trojan-activity;sid:84559615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696514)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.118.37.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696514/; classtype:trojan-activity;sid:84559614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696512)"; flow:established,from_client; content:"GET"; http_method; content:"/45n.check|3f|t=t7nin0qs"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"dnb.5b-c.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696512/; classtype:trojan-activity;sid:84559612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696513)"; flow:established,from_client; content:"GET"; http_method; content:"/vm1p8we3ar.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"7nb.dae017f.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696513/; classtype:trojan-activity;sid:84559613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696511)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.65.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696511/; classtype:trojan-activity;sid:84559611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696510)"; flow:established,from_client; content:"GET"; http_method; content:"/lc4tpcvc3b.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"b7k2.a-4n66k4.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696510/; classtype:trojan-activity;sid:84559610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696509)"; flow:established,from_client; content:"GET"; http_method; content:"/eev375e1"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"2xe.z-x0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696509/; classtype:trojan-activity;sid:84559609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696508)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.191.21.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696508/; classtype:trojan-activity;sid:84559608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696507)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.176.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696507/; classtype:trojan-activity;sid:84559607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696506)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.203.134.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696506/; classtype:trojan-activity;sid:84559606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696500)"; flow:established,from_client; content:"GET"; http_method; content:"/goarm5"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"146.190.90.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696500/; classtype:trojan-activity;sid:84559600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696501)"; flow:established,from_client; content:"GET"; http_method; content:"/gomips"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"146.190.90.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696501/; classtype:trojan-activity;sid:84559601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696502)"; flow:established,from_client; content:"GET"; http_method; content:"/goarm7"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"146.190.90.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696502/; classtype:trojan-activity;sid:84559602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696503)"; flow:established,from_client; content:"GET"; http_method; content:"/goarm"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"146.190.90.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696503/; classtype:trojan-activity;sid:84559603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696504)"; flow:established,from_client; content:"GET"; http_method; content:"/gompsl"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"146.190.90.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696504/; classtype:trojan-activity;sid:84559604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696505)"; flow:established,from_client; content:"GET"; http_method; content:"/goarm6"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"146.190.90.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696505/; classtype:trojan-activity;sid:84559605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696499)"; flow:established,from_client; content:"GET"; http_method; content:"/g"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"146.190.90.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696499/; classtype:trojan-activity;sid:84559599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696497)"; flow:established,from_client; content:"GET"; http_method; content:"/94f.google|3f|t=8niwaslz"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"oka.24s6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696497/; classtype:trojan-activity;sid:84559597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696498)"; flow:established,from_client; content:"GET"; http_method; content:"/t650s6r49n.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"7nb.dae017f.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696498/; classtype:trojan-activity;sid:84559598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696496)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.67.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696496/; classtype:trojan-activity;sid:84559596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696495)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.191.21.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696495/; classtype:trojan-activity;sid:84559595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696494)"; flow:established,from_client; content:"GET"; http_method; content:"/etxi0hua0c.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"x0p.a-4n66k4.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696494/; classtype:trojan-activity;sid:84559594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696493)"; flow:established,from_client; content:"GET"; http_method; content:"/c5anv2oq"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"el4.n2vr.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696493/; classtype:trojan-activity;sid:84559593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696492)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.88.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696492/; classtype:trojan-activity;sid:84559592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696491)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.26.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696491/; classtype:trojan-activity;sid:84559591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696490)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.196.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696490/; classtype:trojan-activity;sid:84559590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696489)"; flow:established,from_client; content:"GET"; http_method; content:"/jzr7i56fvy.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"pj1.dae017f.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696489/; classtype:trojan-activity;sid:84559589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696488)"; flow:established,from_client; content:"GET"; http_method; content:"/au.check|3f|t=kd2f5o8l"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"el4.n2vr.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696488/; classtype:trojan-activity;sid:84559588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696486)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.75.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696486/; classtype:trojan-activity;sid:84559586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696487)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.221.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696487/; classtype:trojan-activity;sid:84559587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696485)"; flow:established,from_client; content:"GET"; http_method; content:"/ujn.check|3f|t=ociouffd"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"iaz.dc-8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696485/; classtype:trojan-activity;sid:84559585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696484)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.249.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696484/; classtype:trojan-activity;sid:84559584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696483)"; flow:established,from_client; content:"GET"; http_method; content:"/x2h2vs2vx3.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"xq9.dae017f.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696483/; classtype:trojan-activity;sid:84559583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696482)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.176.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696482/; classtype:trojan-activity;sid:84559582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696481)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.72.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696481/; classtype:trojan-activity;sid:84559581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696480)"; flow:established,from_client; content:"GET"; http_method; content:"/z2h1xo792r.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"c4.dae017f.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696480/; classtype:trojan-activity;sid:84559580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696479)"; flow:established,from_client; content:"GET"; http_method; content:"/ze.google|3f|t=2mjelzqq"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"uqy.8i-9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696479/; classtype:trojan-activity;sid:84559579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696478)"; flow:established,from_client; content:"GET"; http_method; content:"/isb03hje4q.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"m.2u-gd2ml.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696478/; classtype:trojan-activity;sid:84559578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696477)"; flow:established,from_client; content:"GET"; http_method; content:"/83cgj4jo"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"uqy.8i-9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696477/; classtype:trojan-activity;sid:84559577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696476)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.26.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696476/; classtype:trojan-activity;sid:84559576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696475)"; flow:established,from_client; content:"GET"; http_method; content:"/j4vwo7v5o7.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"c4.dae017f.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696475/; classtype:trojan-activity;sid:84559575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696474)"; flow:established,from_client; content:"GET"; http_method; content:"/82.google|3f|t=2sr8vqra"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ua7.z2q2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696474/; classtype:trojan-activity;sid:84559574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696473)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.221.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696473/; classtype:trojan-activity;sid:84559573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696471)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.116.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696471/; classtype:trojan-activity;sid:84559571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696472)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.249.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696472/; classtype:trojan-activity;sid:84559572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696470)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.119.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696470/; classtype:trojan-activity;sid:84559570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696469)"; flow:established,from_client; content:"GET"; http_method; content:"/gn4t3ouiiv.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"p9y1.j6e-0g-7.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696469/; classtype:trojan-activity;sid:84559569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696468)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.170.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696468/; classtype:trojan-activity;sid:84559568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696467)"; flow:established,from_client; content:"GET"; http_method; content:"/8iu600pp"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"3vo.7-h9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696467/; classtype:trojan-activity;sid:84559567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696465)"; flow:established,from_client; content:"GET"; http_method; content:"/nqm.google|3f|t=bfdkrz2x"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"3vo.7-h9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696465/; classtype:trojan-activity;sid:84559565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696466)"; flow:established,from_client; content:"GET"; http_method; content:"/yr80ckbxsx.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"ty.2bj82sg.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696466/; classtype:trojan-activity;sid:84559566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696464)"; flow:established,from_client; content:"GET"; http_method; content:"/cxb2hpfl99.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"a0p2.2bj82sg.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696464/; classtype:trojan-activity;sid:84559564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696463)"; flow:established,from_client; content:"GET"; http_method; content:"/z9v.google|3f|t=2wxh1249"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"0m.03e3x.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696463/; classtype:trojan-activity;sid:84559563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696462)"; flow:established,from_client; content:"GET"; http_method; content:"/qcsemgja9j.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"a0p2.2bj82sg.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696462/; classtype:trojan-activity;sid:84559562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696461)"; flow:established,from_client; content:"GET"; http_method; content:"/om6.google|3f|t=89xxzu03"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"t5.614lo.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696461/; classtype:trojan-activity;sid:84559561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696459)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.150.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696459/; classtype:trojan-activity;sid:84559559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696460)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.40.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696460/; classtype:trojan-activity;sid:84559560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696458)"; flow:established,from_client; content:"GET"; http_method; content:"/03e6mp4aw9.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mzr.2bj82sg.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696458/; classtype:trojan-activity;sid:84559558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696457)"; flow:established,from_client; content:"GET"; http_method; content:"/g7.check|3f|t=6961e9hy"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"b3.oc57y.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696457/; classtype:trojan-activity;sid:84559557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696456)"; flow:established,from_client; content:"GET"; http_method; content:"/0m5fwb17tt.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v93.2bj82sg.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696456/; classtype:trojan-activity;sid:84559556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696455)"; flow:established,from_client; content:"GET"; http_method; content:"/kimfqqqzsn.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"m.q8-v-4of.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696455/; classtype:trojan-activity;sid:84559555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696453)"; flow:established,from_client; content:"GET"; http_method; content:"/n38w844m"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"hk.hb0-e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696453/; classtype:trojan-activity;sid:84559553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696454)"; flow:established,from_client; content:"GET"; http_method; content:"/iog.google|3f|t=l7ctbc8w"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"hk.hb0-e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696454/; classtype:trojan-activity;sid:84559554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696452)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.246.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696452/; classtype:trojan-activity;sid:84559552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696451)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.10.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696451/; classtype:trojan-activity;sid:84559551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696449)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.227.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696449/; classtype:trojan-activity;sid:84559549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696450)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.202.103.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696450/; classtype:trojan-activity;sid:84559550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696447)"; flow:established,from_client; content:"GET"; http_method; content:"/0h.check|3f|t=kgnx2clu"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"oc.888-c.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696447/; classtype:trojan-activity;sid:84559547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696448)"; flow:established,from_client; content:"GET"; http_method; content:"/vnx34z3ktv.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v93.2bj82sg.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696448/; classtype:trojan-activity;sid:84559548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696446)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.254.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696446/; classtype:trojan-activity;sid:84559546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696445)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.40.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696445/; classtype:trojan-activity;sid:84559545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696444)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.225.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696444/; classtype:trojan-activity;sid:84559544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696443)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.64.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696443/; classtype:trojan-activity;sid:84559543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696442)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.10.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696442/; classtype:trojan-activity;sid:84559542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696441)"; flow:established,from_client; content:"GET"; http_method; content:"/pppoeb"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.255.110.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696441/; classtype:trojan-activity;sid:84559541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696440)"; flow:established,from_client; content:"GET"; http_method; content:"/mwah"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"5.255.110.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696440/; classtype:trojan-activity;sid:84559540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696439)"; flow:established,from_client; content:"GET"; http_method; content:"/n24r8y0j0q.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"h1k.2bj82sg.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696439/; classtype:trojan-activity;sid:84559539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696438)"; flow:established,from_client; content:"GET"; http_method; content:"/5l.google|3f|t=y3niq54g"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"7x.95tbm.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696438/; classtype:trojan-activity;sid:84559538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696437)"; flow:established,from_client; content:"GET"; http_method; content:"/szbcq67h5t.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"z9q.q8-v-4of.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696437/; classtype:trojan-activity;sid:84559537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696436)"; flow:established,from_client; content:"GET"; http_method; content:"/wdogsm19"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"7x.95tbm.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696436/; classtype:trojan-activity;sid:84559536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696435)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.227.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696435/; classtype:trojan-activity;sid:84559535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696434)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.202.103.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696434/; classtype:trojan-activity;sid:84559534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696433)"; flow:established,from_client; content:"GET"; http_method; content:"/uewmswontc.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"z9q.q8-v-4of.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696433/; classtype:trojan-activity;sid:84559533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696432)"; flow:established,from_client; content:"GET"; http_method; content:"/odlu86ro"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"9q.55-0p.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696432/; classtype:trojan-activity;sid:84559532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696430)"; flow:established,from_client; content:"GET"; http_method; content:"/ufwozfzbrx.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"h1k.2bj82sg.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696430/; classtype:trojan-activity;sid:84559530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696431)"; flow:established,from_client; content:"GET"; http_method; content:"/qv.check|3f|t=0v6n8438"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"9q.55-0p.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696431/; classtype:trojan-activity;sid:84559531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696429)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.64.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696429/; classtype:trojan-activity;sid:84559529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696428)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.254.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696428/; classtype:trojan-activity;sid:84559528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696427)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.88.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696427/; classtype:trojan-activity;sid:84559527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696426)"; flow:established,from_client; content:"GET"; http_method; content:"/30ae2ms7g8.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"q7.2bj82sg.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696426/; classtype:trojan-activity;sid:84559526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696425)"; flow:established,from_client; content:"GET"; http_method; content:"/dj.google|3f|t=ee3hqldb"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"4jb.d3-6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696425/; classtype:trojan-activity;sid:84559525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696424)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.5.65.199"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696424/; classtype:trojan-activity;sid:84559524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696422)"; flow:established,from_client; content:"GET"; http_method; content:"/nppcdpxa"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"4jb.d3-6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696422/; classtype:trojan-activity;sid:84559522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696423)"; flow:established,from_client; content:"GET"; http_method; content:"/i85jf5g4wt.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"k2.q8-v-4of.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696423/; classtype:trojan-activity;sid:84559523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696421)"; flow:established,from_client; content:"GET"; http_method; content:"/ao0ufoud1j.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"k0fj3.k9-2g8.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696421/; classtype:trojan-activity;sid:84559521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696419)"; flow:established,from_client; content:"GET"; http_method; content:"/828xtejf"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"it4.5b-c.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696419/; classtype:trojan-activity;sid:84559519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696420)"; flow:established,from_client; content:"GET"; http_method; content:"/zpg6tnygne.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"q7.2bj82sg.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696420/; classtype:trojan-activity;sid:84559520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696418)"; flow:established,from_client; content:"GET"; http_method; content:"/nsd.check|3f|t=tshz28jc"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"it4.5b-c.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696418/; classtype:trojan-activity;sid:84559518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696417)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.93.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696417/; classtype:trojan-activity;sid:84559517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696416)"; flow:established,from_client; content:"GET"; http_method; content:"/q6a13xi27h.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"f3n7k.798u-g.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696416/; classtype:trojan-activity;sid:84559516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696415)"; flow:established,from_client; content:"GET"; http_method; content:"/d8.check|3f|t=ox0w43ov"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"cmk.z-x0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696415/; classtype:trojan-activity;sid:84559515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696414)"; flow:established,from_client; content:"GET"; http_method; content:"/9m32e79zt9.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"r6tva.k9-2g8.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696414/; classtype:trojan-activity;sid:84559514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696413)"; flow:established,from_client; content:"GET"; http_method; content:"/cyo4e9f5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cmk.z-x0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696413/; classtype:trojan-activity;sid:84559513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696412)"; flow:established,from_client; content:"GET"; http_method; content:"/4z.google|3f|t=t1vb0ql0"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"rea.24s6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696412/; classtype:trojan-activity;sid:84559512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696411)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.182.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696411/; classtype:trojan-activity;sid:84559511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696410)"; flow:established,from_client; content:"GET"; http_method; content:"/nuei83h8rg.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"f3n7k.798u-g.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696410/; classtype:trojan-activity;sid:84559510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696409)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.65.199"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696409/; classtype:trojan-activity;sid:84559509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696408)"; flow:established,from_client; content:"GET"; http_method; content:"/zispb9ibrc.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"b5y2q.798u-g.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696408/; classtype:trojan-activity;sid:84559508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696407)"; flow:established,from_client; content:"GET"; http_method; content:"/77t5ssg4tg.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"w1hb.k9-2g8.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696407/; classtype:trojan-activity;sid:84559507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696405)"; flow:established,from_client; content:"GET"; http_method; content:"/8uo.google|3f|t=dgay77jv"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"2dx.n2vr.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696405/; classtype:trojan-activity;sid:84559505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696406)"; flow:established,from_client; content:"GET"; http_method; content:"/7rawll8i"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"2dx.n2vr.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696406/; classtype:trojan-activity;sid:84559506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696404)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.83.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696404/; classtype:trojan-activity;sid:84559504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696403)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7782139129/ki6doqb.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696403/; classtype:trojan-activity;sid:84559503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696402)"; flow:established,from_client; content:"GET"; http_method; content:"/rxanl3nj"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"umv.dc-8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696402/; classtype:trojan-activity;sid:84559502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696401)"; flow:established,from_client; content:"GET"; http_method; content:"/5whpg99ufe.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"w1hb.k9-2g8.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696401/; classtype:trojan-activity;sid:84559501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696400)"; flow:established,from_client; content:"GET"; http_method; content:"/o0x.google|3f|t=0m2nys12"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"umv.dc-8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696400/; classtype:trojan-activity;sid:84559500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696399)"; flow:established,from_client; content:"GET"; http_method; content:"/vas7u9jgk5.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"b5y2q.798u-g.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696399/; classtype:trojan-activity;sid:84559499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696397)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.7.220.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696397/; classtype:trojan-activity;sid:84559497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696398)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.186.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696398/; classtype:trojan-activity;sid:84559498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696396)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.186.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696396/; classtype:trojan-activity;sid:84559496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696395)"; flow:established,from_client; content:"GET"; http_method; content:"/sdtsncryje.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"z0t8n.798u-g.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696395/; classtype:trojan-activity;sid:84559495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696394)"; flow:established,from_client; content:"GET"; http_method; content:"/u1.google|3f|t=twbe6vcl"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"6vy.8i-9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696394/; classtype:trojan-activity;sid:84559494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696393)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.118.240.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696393/; classtype:trojan-activity;sid:84559493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696392)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.35.130"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696392/; classtype:trojan-activity;sid:84559492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696391)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.217.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696391/; classtype:trojan-activity;sid:84559491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696390)"; flow:established,from_client; content:"GET"; http_method; content:"/tgzrqlonpb.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"z0t8n.798u-g.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696390/; classtype:trojan-activity;sid:84559490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696389)"; flow:established,from_client; content:"GET"; http_method; content:"/1lm7t55g2w.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"d3zq9.k9-2g8.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696389/; classtype:trojan-activity;sid:84559489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696387)"; flow:established,from_client; content:"GET"; http_method; content:"/gzs.check|3f|t=abmezjyl"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ti1.z2q2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696387/; classtype:trojan-activity;sid:84559487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696388)"; flow:established,from_client; content:"GET"; http_method; content:"/n9sjj70y"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ti1.z2q2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696388/; classtype:trojan-activity;sid:84559488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696386)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.141.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696386/; classtype:trojan-activity;sid:84559486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696385)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.167.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696385/; classtype:trojan-activity;sid:84559485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696384)"; flow:established,from_client; content:"GET"; http_method; content:"/edfss9rgmx.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"y7m2.k9-2g8.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696384/; classtype:trojan-activity;sid:84559484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696383)"; flow:established,from_client; content:"GET"; http_method; content:"/iz6zttfs"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"9xy.7-h9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696383/; classtype:trojan-activity;sid:84559483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696382)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.40.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696382/; classtype:trojan-activity;sid:84559482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696381)"; flow:established,from_client; content:"GET"; http_method; content:"/ugkvb0a3u3.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"q7l3a.798u-g.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696381/; classtype:trojan-activity;sid:84559481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696380)"; flow:established,from_client; content:"GET"; http_method; content:"/2o.check|3f|t=z871t52o"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"9xy.7-h9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696380/; classtype:trojan-activity;sid:84559480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696379)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.35.130"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696379/; classtype:trojan-activity;sid:84559479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696378)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.75.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696378/; classtype:trojan-activity;sid:84559478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696377)"; flow:established,from_client; content:"GET"; http_method; content:"/settings"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"settingss.pages.dev"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696377/; classtype:trojan-activity;sid:84559477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696376)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.6.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696376/; classtype:trojan-activity;sid:84559476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696375)"; flow:established,from_client; content:"GET"; http_method; content:"/content/plugins/fr3.lim"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"nelees.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696375/; classtype:trojan-activity;sid:84559475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696374)"; flow:established,from_client; content:"GET"; http_method; content:"/win64/file/update.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"vickitmorrison.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696374/; classtype:trojan-activity;sid:84559474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696373)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.112.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696373/; classtype:trojan-activity;sid:84559473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696372)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.23.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696372/; classtype:trojan-activity;sid:84559472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696371)"; flow:established,from_client; content:"GET"; http_method; content:"/7h5f.js"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"graffetti.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696371/; classtype:trojan-activity;sid:84559471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696370)"; flow:established,from_client; content:"GET"; http_method; content:"/settings"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"settings-4av.pages.dev"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696370/; classtype:trojan-activity;sid:84559470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696369)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.165.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696369/; classtype:trojan-activity;sid:84559469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696368)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.17.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696368/; classtype:trojan-activity;sid:84559468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696364)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.181.82.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696364/; classtype:trojan-activity;sid:84559464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696365)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.22.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696365/; classtype:trojan-activity;sid:84559465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696366)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.15.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696366/; classtype:trojan-activity;sid:84559466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696367)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.40.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696367/; classtype:trojan-activity;sid:84559467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696362)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.95.42.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696362/; classtype:trojan-activity;sid:84559462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696363)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.78.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696363/; classtype:trojan-activity;sid:84559463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696361)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.197.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696361/; classtype:trojan-activity;sid:84559461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696359)"; flow:established,from_client; content:"GET"; http_method; content:"/1c.google|3f|t=7wp3twy0"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"jo.wo-h3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696359/; classtype:trojan-activity;sid:84559459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696360)"; flow:established,from_client; content:"GET"; http_method; content:"/x6u6vutmj8.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"x1r9.798u-g.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696360/; classtype:trojan-activity;sid:84559460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696358)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.145.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696358/; classtype:trojan-activity;sid:84559458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696357)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696357/; classtype:trojan-activity;sid:84559457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696356)"; flow:established,from_client; content:"GET"; http_method; content:"/44hwucf9x2.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2p6m.798u-g.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696356/; classtype:trojan-activity;sid:84559456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696355)"; flow:established,from_client; content:"GET"; http_method; content:"/8b.google|3f|t=zy9cm99g"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"xt.614lo.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696355/; classtype:trojan-activity;sid:84559455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696354)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.235.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696354/; classtype:trojan-activity;sid:84559454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696353)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.116.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696353/; classtype:trojan-activity;sid:84559453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696352)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.89.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696352/; classtype:trojan-activity;sid:84559452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696351)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.75.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696351/; classtype:trojan-activity;sid:84559451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696350)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.83.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696350/; classtype:trojan-activity;sid:84559450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696349)"; flow:established,from_client; content:"GET"; http_method; content:"/q0n2cxflpe.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2p6m.798u-g.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696349/; classtype:trojan-activity;sid:84559449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696348)"; flow:established,from_client; content:"GET"; http_method; content:"/lm5.check|3f|t=i9st8jms"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"0y.w8i0h.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696348/; classtype:trojan-activity;sid:84559448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696347)"; flow:established,from_client; content:"GET"; http_method; content:"/v54e3ll9"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"0y.w8i0h.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696347/; classtype:trojan-activity;sid:84559447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696345)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.217.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696345/; classtype:trojan-activity;sid:84559445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696346)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.235.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696346/; classtype:trojan-activity;sid:84559446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696344)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.228.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696344/; classtype:trojan-activity;sid:84559444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696342)"; flow:established,from_client; content:"GET"; http_method; content:"/6s.google|3f|t=fntv5m41"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"wm.oc57y.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696342/; classtype:trojan-activity;sid:84559442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696343)"; flow:established,from_client; content:"GET"; http_method; content:"/zl5p20chnf.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"d8k3a.j0-e-t.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696343/; classtype:trojan-activity;sid:84559443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696341)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696341/; classtype:trojan-activity;sid:84559441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696340)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.130.104.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696340/; classtype:trojan-activity;sid:84559440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696339)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.197.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696339/; classtype:trojan-activity;sid:84559439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696338)"; flow:established,from_client; content:"GET"; http_method; content:"/y2r.google|3f|t=ts3euawj"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"9e.hb0-e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696338/; classtype:trojan-activity;sid:84559438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696337)"; flow:established,from_client; content:"GET"; http_method; content:"/127o40f2w5.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"d8k3a.j0-e-t.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696337/; classtype:trojan-activity;sid:84559437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696336)"; flow:established,from_client; content:"GET"; http_method; content:"/y4nojvwjfo.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"c8r1n.9-s-7g.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696336/; classtype:trojan-activity;sid:84559436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696335)"; flow:established,from_client; content:"GET"; http_method; content:"/b20oc6n8"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"9e.hb0-e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696335/; classtype:trojan-activity;sid:84559435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696334)"; flow:established,from_client; content:"GET"; http_method; content:"/uvgstr465n.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m4qwe.j0-e-t.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696334/; classtype:trojan-activity;sid:84559434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696333)"; flow:established,from_client; content:"GET"; http_method; content:"/rq.check|3f|t=zprflxkd"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"y9.888-c.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696333/; classtype:trojan-activity;sid:84559433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696332)"; flow:established,from_client; content:"GET"; http_method; content:"/8ellv3mqzp.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"z5tq.9-s-7g.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696332/; classtype:trojan-activity;sid:84559432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696331)"; flow:established,from_client; content:"GET"; http_method; content:"/g5b3ttli"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"y9.888-c.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696331/; classtype:trojan-activity;sid:84559431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696330)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.206.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696330/; classtype:trojan-activity;sid:84559430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696329)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.29.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696329/; classtype:trojan-activity;sid:84559429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696328)"; flow:established,from_client; content:"GET"; http_method; content:"/files/503008312/c8c1bbe.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696328/; classtype:trojan-activity;sid:84559428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696326)"; flow:established,from_client; content:"GET"; http_method; content:"/io.google|3f|t=8i5pfipt"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"7h.8b-1d.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696326/; classtype:trojan-activity;sid:84559426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696327)"; flow:established,from_client; content:"GET"; http_method; content:"/lhsypnkion.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m4qwe.j0-e-t.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696327/; classtype:trojan-activity;sid:84559427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696325)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.15.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696325/; classtype:trojan-activity;sid:84559425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696323)"; flow:established,from_client; content:"GET"; http_method; content:"/20u.google|3f|t=1kdwkvtw"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"74.95tbm.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696323/; classtype:trojan-activity;sid:84559423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696324)"; flow:established,from_client; content:"GET"; http_method; content:"/39zwodd7p8.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"g5z9.j0-e-t.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696324/; classtype:trojan-activity;sid:84559424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696322)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.249.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696322/; classtype:trojan-activity;sid:84559422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696321)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.176.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696321/; classtype:trojan-activity;sid:84559421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696320)"; flow:established,from_client; content:"GET"; http_method; content:"/905wm80mz3.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"x2w7.9-s-7g.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696320/; classtype:trojan-activity;sid:84559420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696319)"; flow:established,from_client; content:"GET"; http_method; content:"/leqjhavd"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"74.95tbm.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696319/; classtype:trojan-activity;sid:84559419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696318)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.73.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696318/; classtype:trojan-activity;sid:84559418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696317)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.252.205.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696317/; classtype:trojan-activity;sid:84559417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696316)"; flow:established,from_client; content:"GET"; http_method; content:"/1vrw5at6lf.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"g5z9.j0-e-t.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696316/; classtype:trojan-activity;sid:84559416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696315)"; flow:established,from_client; content:"GET"; http_method; content:"/ca2.google|3f|t=xm2rys83"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"fp.55-0p.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696315/; classtype:trojan-activity;sid:84559415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696314)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.220.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696314/; classtype:trojan-activity;sid:84559414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696313)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"211.158.212.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696313/; classtype:trojan-activity;sid:84559413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696312)"; flow:established,from_client; content:"GET"; http_method; content:"/ixd.check|3f|t=frsmlh0a"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"648.d3-6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696312/; classtype:trojan-activity;sid:84559412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696311)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.211.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696311/; classtype:trojan-activity;sid:84559411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696310)"; flow:established,from_client; content:"GET"; http_method; content:"/aon5cvksxi.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"p9akm.9-s-7g.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696310/; classtype:trojan-activity;sid:84559410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696309)"; flow:established,from_client; content:"GET"; http_method; content:"/zw76t303"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"648.d3-6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696309/; classtype:trojan-activity;sid:84559409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696308)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.130.104.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696308/; classtype:trojan-activity;sid:84559408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696307)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.211.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696307/; classtype:trojan-activity;sid:84559407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696306)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5638395652/zyx5fqy.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696306/; classtype:trojan-activity;sid:84559406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696305)"; flow:established,from_client; content:"GET"; http_method; content:"/ijs.check|3f|t=s5f3h69x"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"tr8.z-x0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696305/; classtype:trojan-activity;sid:84559405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696304)"; flow:established,from_client; content:"GET"; http_method; content:"/76h549i27j.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r6t1x.j0-e-t.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696304/; classtype:trojan-activity;sid:84559404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696303)"; flow:established,from_client; content:"GET"; http_method; content:"/atd2u6nidk.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"h3v2.9-s-7g.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696303/; classtype:trojan-activity;sid:84559403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696302)"; flow:established,from_client; content:"GET"; http_method; content:"/svx5hul2"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"3wa.24s6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696302/; classtype:trojan-activity;sid:84559402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696301)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696301/; classtype:trojan-activity;sid:84559401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696298)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696298/; classtype:trojan-activity;sid:84559398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696299)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696299/; classtype:trojan-activity;sid:84559399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696300)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696300/; classtype:trojan-activity;sid:84559400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696297)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696297/; classtype:trojan-activity;sid:84559397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696296)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.16.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696296/; classtype:trojan-activity;sid:84559396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696295)"; flow:established,from_client; content:"GET"; http_method; content:"/939g6przxg.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"y0b7n.j0-e-t.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696295/; classtype:trojan-activity;sid:84559395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696294)"; flow:established,from_client; content:"GET"; http_method; content:"/bh.google|3f|t=zsbuvmmy"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"3wa.24s6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696294/; classtype:trojan-activity;sid:84559394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696293)"; flow:established,from_client; content:"GET"; http_method; content:"/7wpghtm6z4.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"y0b7n.j0-e-t.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696293/; classtype:trojan-activity;sid:84559393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696292)"; flow:established,from_client; content:"GET"; http_method; content:"/hgp.check|3f|t=2ynemzci"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"5qi.n2vr.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696292/; classtype:trojan-activity;sid:84559392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696290)"; flow:established,from_client; content:"GET"; http_method; content:"/launcher.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"64.188.127.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696290/; classtype:trojan-activity;sid:84559390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696291)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.157.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696291/; classtype:trojan-activity;sid:84559391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696289)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.183.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696289/; classtype:trojan-activity;sid:84559389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696288)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.97.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696288/; classtype:trojan-activity;sid:84559388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696286)"; flow:established,from_client; content:"GET"; http_method; content:"/uo.google|3f|t=8svk00z3"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"7xk.dc-8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696286/; classtype:trojan-activity;sid:84559386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696287)"; flow:established,from_client; content:"GET"; http_method; content:"/80ib03zp9l.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c2m8q.j0-e-t.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696287/; classtype:trojan-activity;sid:84559387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696285)"; flow:established,from_client; content:"GET"; http_method; content:"/xucon3ebam.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"w3q0.7mdmu7og.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696285/; classtype:trojan-activity;sid:84559385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696284)"; flow:established,from_client; content:"GET"; http_method; content:"/lbtqh02l"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"7xk.dc-8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696284/; classtype:trojan-activity;sid:84559384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696283)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.149.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696283/; classtype:trojan-activity;sid:84559383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696282)"; flow:established,from_client; content:"GET"; http_method; content:"/dub0yv1q9w.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"n7w3a.t-7-1u.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696282/; classtype:trojan-activity;sid:84559382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696281)"; flow:established,from_client; content:"GET"; http_method; content:"/dq.google|3f|t=2g9wlg22"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"4es.8i-9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696281/; classtype:trojan-activity;sid:84559381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696280)"; flow:established,from_client; content:"GET"; http_method; content:"/jj08whvmsu.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"n7w3a.t-7-1u.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696280/; classtype:trojan-activity;sid:84559380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696279)"; flow:established,from_client; content:"GET"; http_method; content:"/xne.google|3f|t=fl3yl8v0"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"fcq.z2q2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696279/; classtype:trojan-activity;sid:84559379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696278)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.97.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696278/; classtype:trojan-activity;sid:84559378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696277)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.183.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696277/; classtype:trojan-activity;sid:84559377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696276)"; flow:established,from_client; content:"GET"; http_method; content:"/lf04aob4h4.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"a9.7mdmu7og.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696276/; classtype:trojan-activity;sid:84559376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696275)"; flow:established,from_client; content:"GET"; http_method; content:"/jek7zpsu"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"fcq.z2q2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696275/; classtype:trojan-activity;sid:84559375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696274)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.176.23.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696274/; classtype:trojan-activity;sid:84559374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696273)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.32.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696273/; classtype:trojan-activity;sid:84559373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696272)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.29.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696272/; classtype:trojan-activity;sid:84559372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696271)"; flow:established,from_client; content:"GET"; http_method; content:"/8e2pruo6m0.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"n4.7mdmu7og.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696271/; classtype:trojan-activity;sid:84559371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696270)"; flow:established,from_client; content:"GET"; http_method; content:"/nh4sjfg0"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"zl.wo-h3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696270/; classtype:trojan-activity;sid:84559370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696269)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.192.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696269/; classtype:trojan-activity;sid:84559369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696268)"; flow:established,from_client; content:"GET"; http_method; content:"/76s.check|3f|t=d1t8yw5p"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"zl.wo-h3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696268/; classtype:trojan-activity;sid:84559368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696267)"; flow:established,from_client; content:"GET"; http_method; content:"/xd9toor75a.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"u4r8c.t-7-1u.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696267/; classtype:trojan-activity;sid:84559367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696265)"; flow:established,from_client; content:"GET"; http_method; content:"/uj.check|3f|t=g9f5gfna"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ng.03e3x.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696265/; classtype:trojan-activity;sid:84559365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696266)"; flow:established,from_client; content:"GET"; http_method; content:"/ywjnsk0bvf.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"u4r8c.t-7-1u.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696266/; classtype:trojan-activity;sid:84559366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696264)"; flow:established,from_client; content:"GET"; http_method; content:"/oe5ndynsy2.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"d5.1-b03-1q.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696264/; classtype:trojan-activity;sid:84559364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696263)"; flow:established,from_client; content:"GET"; http_method; content:"/v5rx1zlj"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ng.03e3x.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696263/; classtype:trojan-activity;sid:84559363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696262)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.252.205.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696262/; classtype:trojan-activity;sid:84559362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696261)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.174.96.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696261/; classtype:trojan-activity;sid:84559361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696260)"; flow:established,from_client; content:"GET"; http_method; content:"/p6cum1y9xk.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"y0a3.1-b03-1q.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696260/; classtype:trojan-activity;sid:84559360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696259)"; flow:established,from_client; content:"GET"; http_method; content:"/pjt5x6zk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"or.w8i0h.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696259/; classtype:trojan-activity;sid:84559359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696258)"; flow:established,from_client; content:"GET"; http_method; content:"/gwt.google|3f|t=0jhi379t"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"or.w8i0h.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696258/; classtype:trojan-activity;sid:84559358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696257)"; flow:established,from_client; content:"GET"; http_method; content:"/8rmczxghf5.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k9z2.t-7-1u.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696257/; classtype:trojan-activity;sid:84559357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696256)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.199.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696256/; classtype:trojan-activity;sid:84559356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696255)"; flow:established,from_client; content:"GET"; http_method; content:"/sygodti46v.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"p5x0d.t-7-1u.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696255/; classtype:trojan-activity;sid:84559355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696254)"; flow:established,from_client; content:"GET"; http_method; content:"/5v.google|3f|t=b7v4htp5"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"gy.oc57y.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696254/; classtype:trojan-activity;sid:84559354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696253)"; flow:established,from_client; content:"GET"; http_method; content:"/emznxz8ay6.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"q7m.1-b03-1q.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696253/; classtype:trojan-activity;sid:84559353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696252)"; flow:established,from_client; content:"GET"; http_method; content:"/cqtqglhi"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"gy.oc57y.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696252/; classtype:trojan-activity;sid:84559352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696251)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.10.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696251/; classtype:trojan-activity;sid:84559351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696250)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.174.96.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696250/; classtype:trojan-activity;sid:84559350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696248)"; flow:established,from_client; content:"GET"; http_method; content:"/n200xwacsi.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"a1t7m.t-7-1u.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696248/; classtype:trojan-activity;sid:84559348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696249)"; flow:established,from_client; content:"GET"; http_method; content:"/69z.google|3f|t=rqiqp26d"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"21.hb0-e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696249/; classtype:trojan-activity;sid:84559349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696247)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.115.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696247/; classtype:trojan-activity;sid:84559347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696246)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7948739500/5cwjjt0.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696246/; classtype:trojan-activity;sid:84559346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696245)"; flow:established,from_client; content:"GET"; http_method; content:"/z4pfesnp5g.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"v1.1-b03-1q.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696245/; classtype:trojan-activity;sid:84559345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696244)"; flow:established,from_client; content:"GET"; http_method; content:"/qbuz0i5x"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bl.888-c.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696244/; classtype:trojan-activity;sid:84559344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696242)"; flow:established,from_client; content:"GET"; http_method; content:"/cu8.check|3f|t=7l18dxs2"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"bl.888-c.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696242/; classtype:trojan-activity;sid:84559342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696243)"; flow:established,from_client; content:"GET"; http_method; content:"/xv4i4ubrzf.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"h3v9q.t-7-1u.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696243/; classtype:trojan-activity;sid:84559343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696241)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.196.29.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696241/; classtype:trojan-activity;sid:84559341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696240)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.10.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696240/; classtype:trojan-activity;sid:84559340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696239)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.212.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696239/; classtype:trojan-activity;sid:84559339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696238)"; flow:established,from_client; content:"GET"; http_method; content:"/70xnklused.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"a4m2.r0en3ap.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696238/; classtype:trojan-activity;sid:84559338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696237)"; flow:established,from_client; content:"GET"; http_method; content:"/7v2.google|3f|t=sibw4fbu"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"1t.55-0p.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696237/; classtype:trojan-activity;sid:84559337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696236)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.199.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696236/; classtype:trojan-activity;sid:84559336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696235)"; flow:established,from_client; content:"GET"; http_method; content:"/p5slb720pe.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"r2t3.0-xv-3i5.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696235/; classtype:trojan-activity;sid:84559335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696234)"; flow:established,from_client; content:"GET"; http_method; content:"/ottin15z"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"1t.55-0p.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696234/; classtype:trojan-activity;sid:84559334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696233)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.115.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696233/; classtype:trojan-activity;sid:84559333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696232)"; flow:established,from_client; content:"GET"; http_method; content:"/lq0xy1g3"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"qfl.d3-6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696232/; classtype:trojan-activity;sid:84559332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696231)"; flow:established,from_client; content:"GET"; http_method; content:"/aqjk9xx3eh.otf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"r2t3.0-xv-3i5.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696231/; classtype:trojan-activity;sid:84559331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696229)"; flow:established,from_client; content:"GET"; http_method; content:"/1"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.46.158.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696229/; classtype:trojan-activity;sid:84559329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696230)"; flow:established,from_client; content:"GET"; http_method; content:"/2"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.46.158.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696230/; classtype:trojan-activity;sid:84559330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696228)"; flow:established,from_client; content:"GET"; http_method; content:"/plop"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.46.158.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696228/; classtype:trojan-activity;sid:84559328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696227)"; flow:established,from_client; content:"GET"; http_method; content:"/ycd.check|3f|t=jtog2riy"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"qfl.d3-6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696227/; classtype:trojan-activity;sid:84559327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696226)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.103.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696226/; classtype:trojan-activity;sid:84559326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696225)"; flow:established,from_client; content:"GET"; http_method; content:"/ko17anvr6f.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"tt7.r0en3ap.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696225/; classtype:trojan-activity;sid:84559325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696224)"; flow:established,from_client; content:"GET"; http_method; content:"/pcw.check|3f|t=iliku3xd"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"jss.5b-c.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696224/; classtype:trojan-activity;sid:84559324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696223)"; flow:established,from_client; content:"GET"; http_method; content:"/op1cviqib3.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"v5q.r0en3ap.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696223/; classtype:trojan-activity;sid:84559323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696222)"; flow:established,from_client; content:"GET"; http_method; content:"/molop"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696222/; classtype:trojan-activity;sid:84559322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696221)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.81.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696221/; classtype:trojan-activity;sid:84559321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696220)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.4.248.43"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696220/; classtype:trojan-activity;sid:84559320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696219)"; flow:established,from_client; content:"GET"; http_method; content:"/4j7sdznbh9.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"p6.0-xv-3i5.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696219/; classtype:trojan-activity;sid:84559319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696218)"; flow:established,from_client; content:"GET"; http_method; content:"/ebu8wlpo"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"iru.z-x0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696218/; classtype:trojan-activity;sid:84559318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696217)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.8.210"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696217/; classtype:trojan-activity;sid:84559317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696216)"; flow:established,from_client; content:"GET"; http_method; content:"/ib.check|3f|t=1ow3khqc"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"iru.z-x0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696216/; classtype:trojan-activity;sid:84559316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696215)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"138.204.196.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696215/; classtype:trojan-activity;sid:84559315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696214)"; flow:established,from_client; content:"GET"; http_method; content:"/aoxcf08j7d.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"n0z.r0en3ap.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696214/; classtype:trojan-activity;sid:84559314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696213)"; flow:established,from_client; content:"GET"; http_method; content:"/w4.google|3f|t=3hcmlyw2"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"vyt.24s6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696213/; classtype:trojan-activity;sid:84559313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696212)"; flow:established,from_client; content:"GET"; http_method; content:"/zyfyxsmbxq.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"m.366a4362.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696212/; classtype:trojan-activity;sid:84559312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696211)"; flow:established,from_client; content:"GET"; http_method; content:"/4lvq9xka"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"vyt.24s6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696211/; classtype:trojan-activity;sid:84559311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696210)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.225.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696210/; classtype:trojan-activity;sid:84559310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696209)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.104.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696209/; classtype:trojan-activity;sid:84559309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696208)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.144.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696208/; classtype:trojan-activity;sid:84559308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696206)"; flow:established,from_client; content:"GET"; http_method; content:"/gvheltkk.msi"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"95.164.53.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696206/; classtype:trojan-activity;sid:84559306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696207)"; flow:established,from_client; content:"GET"; http_method; content:"/mames33.wav"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"87.120.126.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696207/; classtype:trojan-activity;sid:84559307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696205)"; flow:established,from_client; content:"GET"; http_method; content:"/rs.vbs"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.164.53.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696205/; classtype:trojan-activity;sid:84559305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696204)"; flow:established,from_client; content:"GET"; http_method; content:"/content/plugins/verification/cloudflare_challenge/not_a_robot/id6362572"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"summerandsilver.co.uk"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696204/; classtype:trojan-activity;sid:84559304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696200)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.118.37.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696200/; classtype:trojan-activity;sid:84559300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696201)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.213.132.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696201/; classtype:trojan-activity;sid:84559301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696202)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.112.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696202/; classtype:trojan-activity;sid:84559302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696203)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.177.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696203/; classtype:trojan-activity;sid:84559303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696198)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.128.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696198/; classtype:trojan-activity;sid:84559298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696199)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.245.37.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696199/; classtype:trojan-activity;sid:84559299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696197)"; flow:established,from_client; content:"GET"; http_method; content:"/0/items/nisibmrl-3997/toumaf.txt"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"dn710107.ca.archive.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696197/; classtype:trojan-activity;sid:84559297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696196)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"138.204.196.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696196/; classtype:trojan-activity;sid:84559296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696195)"; flow:established,from_client; content:"GET"; http_method; content:"/27/items/toumaf/toumaf.html"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"ia601301.us.archive.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696195/; classtype:trojan-activity;sid:84559295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696194)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8072548658/fgptmxd.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696194/; classtype:trojan-activity;sid:84559294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696193)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1781548144/aqpijp4.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696193/; classtype:trojan-activity;sid:84559293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696192)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.166.32.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696192/; classtype:trojan-activity;sid:84559292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696191)"; flow:established,from_client; content:"GET"; http_method; content:"/rv8k54ecwr.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"zq8.366a4362.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696191/; classtype:trojan-activity;sid:84559291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696190)"; flow:established,from_client; content:"GET"; http_method; content:"/qb23cchl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"gsj.n2vr.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696190/; classtype:trojan-activity;sid:84559290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696189)"; flow:established,from_client; content:"GET"; http_method; content:"/wb6.google|3f|t=5hm1yo49"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"gsj.n2vr.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696189/; classtype:trojan-activity;sid:84559289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696188)"; flow:established,from_client; content:"GET"; http_method; content:"/9zgvs5s8xx.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"3rj.r0en3ap.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696188/; classtype:trojan-activity;sid:84559288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696187)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.192.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696187/; classtype:trojan-activity;sid:84559287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696186)"; flow:established,from_client; content:"GET"; http_method; content:"/42jdhc7xja.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"3rj.r0en3ap.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696186/; classtype:trojan-activity;sid:84559286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696185)"; flow:established,from_client; content:"GET"; http_method; content:"/mib7q1i20n.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"k3.366a4362.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696185/; classtype:trojan-activity;sid:84559285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696184)"; flow:established,from_client; content:"GET"; http_method; content:"/x85d34hs"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ojt.dc-8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696184/; classtype:trojan-activity;sid:84559284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696183)"; flow:established,from_client; content:"GET"; http_method; content:"/v5.google|3f|t=i9k06qux"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ojt.dc-8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696183/; classtype:trojan-activity;sid:84559283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696182)"; flow:established,from_client; content:"GET"; http_method; content:"/9g6cp69w15.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"j1c5p.7d0re6.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696182/; classtype:trojan-activity;sid:84559282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696181)"; flow:established,from_client; content:"GET"; http_method; content:"/24ldlyeo"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"h3u.8i-9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696181/; classtype:trojan-activity;sid:84559281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696180)"; flow:established,from_client; content:"GET"; http_method; content:"/mj.google|3f|t=bgh42qkx"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"h3u.8i-9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696180/; classtype:trojan-activity;sid:84559280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696179)"; flow:established,from_client; content:"GET"; http_method; content:"/ec812jva47.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"3rj.r0en3ap.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696179/; classtype:trojan-activity;sid:84559279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696178)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.86.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696178/; classtype:trojan-activity;sid:84559278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696177)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.29.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696177/; classtype:trojan-activity;sid:84559277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696176)"; flow:established,from_client; content:"GET"; http_method; content:"/r7eekhtb"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"m3p.z2q2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696176/; classtype:trojan-activity;sid:84559276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696175)"; flow:established,from_client; content:"GET"; http_method; content:"/rh06m6yspu.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"t4x1.7d0re6.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696175/; classtype:trojan-activity;sid:84559275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696174)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.136.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696174/; classtype:trojan-activity;sid:84559274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696173)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.89.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696173/; classtype:trojan-activity;sid:84559273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696172)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"150.255.177.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696172/; classtype:trojan-activity;sid:84559272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696171)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.81.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696171/; classtype:trojan-activity;sid:84559271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696170)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5917492177/1yb0enm.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696170/; classtype:trojan-activity;sid:84559270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696169)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.132.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696169/; classtype:trojan-activity;sid:84559269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696168)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.245.2.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696168/; classtype:trojan-activity;sid:84559268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696167)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"150.255.177.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696167/; classtype:trojan-activity;sid:84559267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696166)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.89.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696166/; classtype:trojan-activity;sid:84559266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696165)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.81.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696165/; classtype:trojan-activity;sid:84559265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696164)"; flow:established,from_client; content:"GET"; http_method; content:"/t9faakb64w.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"k8.r0en3ap.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696164/; classtype:trojan-activity;sid:84559264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696163)"; flow:established,from_client; content:"GET"; http_method; content:"/8a.check|3f|t=n61d6qr6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"m3p.z2q2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696163/; classtype:trojan-activity;sid:84559263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696162)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.29.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696162/; classtype:trojan-activity;sid:84559262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696161)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.23.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696161/; classtype:trojan-activity;sid:84559261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696160)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.95.19.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696160/; classtype:trojan-activity;sid:84559260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696159)"; flow:established,from_client; content:"GET"; http_method; content:"/d4nzk6heer.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"k8.r0en3ap.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696159/; classtype:trojan-activity;sid:84559259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696158)"; flow:established,from_client; content:"GET"; http_method; content:"/ou5.check|3f|t=ke1298is"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"cy6.7-h9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696158/; classtype:trojan-activity;sid:84559258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696157)"; flow:established,from_client; content:"GET"; http_method; content:"/3bgn25go"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cy6.7-h9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696157/; classtype:trojan-activity;sid:84559257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696147)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.151.91.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696147/; classtype:trojan-activity;sid:84559247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696148)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.151.91.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696148/; classtype:trojan-activity;sid:84559248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696149)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.151.91.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696149/; classtype:trojan-activity;sid:84559249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696150)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.151.91.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696150/; classtype:trojan-activity;sid:84559250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696151)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.151.91.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696151/; classtype:trojan-activity;sid:84559251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696152)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.151.91.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696152/; classtype:trojan-activity;sid:84559252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696153)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.151.91.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696153/; classtype:trojan-activity;sid:84559253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696154)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.151.91.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696154/; classtype:trojan-activity;sid:84559254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696155)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.151.91.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696155/; classtype:trojan-activity;sid:84559255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696156)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.151.91.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696156/; classtype:trojan-activity;sid:84559256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696146)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.46.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696146/; classtype:trojan-activity;sid:84559246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696143)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.254.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696143/; classtype:trojan-activity;sid:84559243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696144)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.218.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696144/; classtype:trojan-activity;sid:84559244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696145)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.46.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696145/; classtype:trojan-activity;sid:84559245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696141)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"125.79.96.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696141/; classtype:trojan-activity;sid:84559241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696142)"; flow:established,from_client; content:"GET"; http_method; content:"/nze3svz0zz.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"a7k.7d0re6.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696142/; classtype:trojan-activity;sid:84559242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696137)"; flow:established,from_client; content:"GET"; http_method; content:"/fa.google|3f|t=avu9pm3g"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"0v.wo-h3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696137/; classtype:trojan-activity;sid:84559237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696138)"; flow:established,from_client; content:"GET"; http_method; content:"/wnpm2xol"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"0v.wo-h3.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696138/; classtype:trojan-activity;sid:84559238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696139)"; flow:established,from_client; content:"GET"; http_method; content:"/3v5gxa2pez.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"z3w4.1051lt6.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696139/; classtype:trojan-activity;sid:84559239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696140)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.201.211.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696140/; classtype:trojan-activity;sid:84559240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696136)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.85.103.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696136/; classtype:trojan-activity;sid:84559236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696135)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.83.110.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696135/; classtype:trojan-activity;sid:84559235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696134)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.84.184.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696134/; classtype:trojan-activity;sid:84559234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696132)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.147.155.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696132/; classtype:trojan-activity;sid:84559232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696133)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.147.155.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696133/; classtype:trojan-activity;sid:84559233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696131)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.84.254.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696131/; classtype:trojan-activity;sid:84559231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696130)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.84.254.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696130/; classtype:trojan-activity;sid:84559230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696129)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.147.155.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696129/; classtype:trojan-activity;sid:84559229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696128)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.218.212.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696128/; classtype:trojan-activity;sid:84559228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696127)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"187.213.84.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696127/; classtype:trojan-activity;sid:84559227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696126)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"220.162.32.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696126/; classtype:trojan-activity;sid:84559226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696125)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.66.117.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696125/; classtype:trojan-activity;sid:84559225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696124)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"117.24.154.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696124/; classtype:trojan-activity;sid:84559224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696123)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.114.138.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696123/; classtype:trojan-activity;sid:84559223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696122)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.79.96.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696122/; classtype:trojan-activity;sid:84559222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696118)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"189.159.103.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696118/; classtype:trojan-activity;sid:84559218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696119)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.84.184.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696119/; classtype:trojan-activity;sid:84559219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696120)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"177.42.75.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696120/; classtype:trojan-activity;sid:84559220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696121)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"125.79.96.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696121/; classtype:trojan-activity;sid:84559221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696117)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"1.163.97.14"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696117/; classtype:trojan-activity;sid:84559217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696115)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"125.80.223.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696115/; classtype:trojan-activity;sid:84559215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696116)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"117.24.154.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696116/; classtype:trojan-activity;sid:84559216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696114)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"166.143.253.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696114/; classtype:trojan-activity;sid:84559214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696113)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.85.33.3"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696113/; classtype:trojan-activity;sid:84559213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696112)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"14.231.241.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696112/; classtype:trojan-activity;sid:84559212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696108)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.68.210.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696108/; classtype:trojan-activity;sid:84559208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696109)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"42.114.138.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696109/; classtype:trojan-activity;sid:84559209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696110)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"220.162.32.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696110/; classtype:trojan-activity;sid:84559210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696111)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.218.212.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696111/; classtype:trojan-activity;sid:84559211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696106)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"75.18.210.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696106/; classtype:trojan-activity;sid:84559206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696107)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"125.80.223.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696107/; classtype:trojan-activity;sid:84559207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696100)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.201.211.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696100/; classtype:trojan-activity;sid:84559200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696101)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"113.218.212.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696101/; classtype:trojan-activity;sid:84559201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696102)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.66.117.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696102/; classtype:trojan-activity;sid:84559202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696103)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.201.211.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696103/; classtype:trojan-activity;sid:84559203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696104)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"184.148.6.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696104/; classtype:trojan-activity;sid:84559204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696105)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"125.80.194.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696105/; classtype:trojan-activity;sid:84559205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696095)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.75.107.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696095/; classtype:trojan-activity;sid:84559195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696096)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"166.143.253.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696096/; classtype:trojan-activity;sid:84559196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696097)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.70.172.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696097/; classtype:trojan-activity;sid:84559197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696098)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.218.212.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696098/; classtype:trojan-activity;sid:84559198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696099)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"117.24.154.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696099/; classtype:trojan-activity;sid:84559199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696094)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"27.110.187.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696094/; classtype:trojan-activity;sid:84559194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696093)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"189.159.103.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696093/; classtype:trojan-activity;sid:84559193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696092)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"59.7.236.161"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696092/; classtype:trojan-activity;sid:84559192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696090)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.162.32.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696090/; classtype:trojan-activity;sid:84559190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696091)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"14.231.241.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696091/; classtype:trojan-activity;sid:84559191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696089)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.231.241.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696089/; classtype:trojan-activity;sid:84559189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696087)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.85.103.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696087/; classtype:trojan-activity;sid:84559187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696088)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"190.166.169.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696088/; classtype:trojan-activity;sid:84559188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696086)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"166.143.253.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696086/; classtype:trojan-activity;sid:84559186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696082)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.76.156.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696082/; classtype:trojan-activity;sid:84559182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696083)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"138.188.34.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696083/; classtype:trojan-activity;sid:84559183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696084)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.167.31.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696084/; classtype:trojan-activity;sid:84559184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696085)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.152.72.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696085/; classtype:trojan-activity;sid:84559185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696081)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"201.103.71.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696081/; classtype:trojan-activity;sid:84559181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696076)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"152.0.30.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696076/; classtype:trojan-activity;sid:84559176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696077)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"125.80.223.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696077/; classtype:trojan-activity;sid:84559177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696078)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"187.225.163.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696078/; classtype:trojan-activity;sid:84559178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696079)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"190.166.169.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696079/; classtype:trojan-activity;sid:84559179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696080)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"27.152.72.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696080/; classtype:trojan-activity;sid:84559180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696073)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.240.238.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696073/; classtype:trojan-activity;sid:84559173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696074)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"79.45.141.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696074/; classtype:trojan-activity;sid:84559174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696075)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"188.80.142.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696075/; classtype:trojan-activity;sid:84559175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696068)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.209.133.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696068/; classtype:trojan-activity;sid:84559168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696069)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"187.209.133.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696069/; classtype:trojan-activity;sid:84559169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696070)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"220.162.32.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696070/; classtype:trojan-activity;sid:84559170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696071)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"187.213.84.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696071/; classtype:trojan-activity;sid:84559171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696072)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.152.72.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696072/; classtype:trojan-activity;sid:84559172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696063)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"1.163.97.14"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696063/; classtype:trojan-activity;sid:84559163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696064)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"152.0.30.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696064/; classtype:trojan-activity;sid:84559164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696065)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.167.31.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696065/; classtype:trojan-activity;sid:84559165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696066)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"63.47.210.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696066/; classtype:trojan-activity;sid:84559166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696067)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.177.137.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696067/; classtype:trojan-activity;sid:84559167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696060)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.114.138.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696060/; classtype:trojan-activity;sid:84559160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696061)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.152.72.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696061/; classtype:trojan-activity;sid:84559161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696062)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.209.133.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696062/; classtype:trojan-activity;sid:84559162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696059)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.185.182.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696059/; classtype:trojan-activity;sid:84559159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696058)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.152.72.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696058/; classtype:trojan-activity;sid:84559158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696055)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.225.163.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696055/; classtype:trojan-activity;sid:84559155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696056)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.163.97.14"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696056/; classtype:trojan-activity;sid:84559156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696057)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.70.172.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696057/; classtype:trojan-activity;sid:84559157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696049)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.213.84.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696049/; classtype:trojan-activity;sid:84559149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696050)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.240.238.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696050/; classtype:trojan-activity;sid:84559150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696051)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.70.172.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696051/; classtype:trojan-activity;sid:84559151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696052)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"190.166.169.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696052/; classtype:trojan-activity;sid:84559152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696053)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.213.84.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696053/; classtype:trojan-activity;sid:84559153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696054)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"1.163.97.14"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696054/; classtype:trojan-activity;sid:84559154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696046)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.85.33.3"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696046/; classtype:trojan-activity;sid:84559146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696047)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"120.33.156.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696047/; classtype:trojan-activity;sid:84559147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696048)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"152.0.30.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696048/; classtype:trojan-activity;sid:84559148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696044)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"14.57.183.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696044/; classtype:trojan-activity;sid:84559144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696045)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.152.72.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696045/; classtype:trojan-activity;sid:84559145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696039)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"179.185.182.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696039/; classtype:trojan-activity;sid:84559139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696040)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.42.75.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696040/; classtype:trojan-activity;sid:84559140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696041)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"152.0.30.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696041/; classtype:trojan-activity;sid:84559141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696042)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.240.238.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696042/; classtype:trojan-activity;sid:84559142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696043)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"144.2.111.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696043/; classtype:trojan-activity;sid:84559143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696038)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"190.166.169.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696038/; classtype:trojan-activity;sid:84559138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696037)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"175.196.57.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696037/; classtype:trojan-activity;sid:84559137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696035)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.152.72.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696035/; classtype:trojan-activity;sid:84559135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696036)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"79.45.141.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696036/; classtype:trojan-activity;sid:84559136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696033)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.209.133.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696033/; classtype:trojan-activity;sid:84559133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696034)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"188.81.205.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696034/; classtype:trojan-activity;sid:84559134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696031)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"190.166.169.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696031/; classtype:trojan-activity;sid:84559131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696032)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"190.166.169.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696032/; classtype:trojan-activity;sid:84559132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696026)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"63.47.210.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696026/; classtype:trojan-activity;sid:84559126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696027)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.70.172.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696027/; classtype:trojan-activity;sid:84559127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696028)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"184.148.6.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696028/; classtype:trojan-activity;sid:84559128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696029)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"75.18.210.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696029/; classtype:trojan-activity;sid:84559129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696030)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"184.148.6.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696030/; classtype:trojan-activity;sid:84559130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696024)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"220.162.32.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696024/; classtype:trojan-activity;sid:84559124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696025)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"58.22.95.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696025/; classtype:trojan-activity;sid:84559125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696020)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.75.107.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696020/; classtype:trojan-activity;sid:84559120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696021)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.166.169.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696021/; classtype:trojan-activity;sid:84559121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696022)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.225.163.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696022/; classtype:trojan-activity;sid:84559122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696023)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.70.172.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696023/; classtype:trojan-activity;sid:84559123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696018)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"125.80.194.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696018/; classtype:trojan-activity;sid:84559118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696019)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"201.103.71.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696019/; classtype:trojan-activity;sid:84559119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696011)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.218.212.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696011/; classtype:trojan-activity;sid:84559111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696012)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"177.42.75.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696012/; classtype:trojan-activity;sid:84559112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696013)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"177.42.75.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696013/; classtype:trojan-activity;sid:84559113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696014)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"201.103.71.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696014/; classtype:trojan-activity;sid:84559114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696015)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.48.27.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696015/; classtype:trojan-activity;sid:84559115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696016)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.167.31.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696016/; classtype:trojan-activity;sid:84559116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696017)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"187.209.133.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696017/; classtype:trojan-activity;sid:84559117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696010)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.75.107.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696010/; classtype:trojan-activity;sid:84559110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696008)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"125.80.223.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696008/; classtype:trojan-activity;sid:84559108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696009)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.187.240.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696009/; classtype:trojan-activity;sid:84559109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696003)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"166.143.253.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696003/; classtype:trojan-activity;sid:84559103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696004)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"63.47.210.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696004/; classtype:trojan-activity;sid:84559104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696005)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"79.45.141.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696005/; classtype:trojan-activity;sid:84559105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696006)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.177.137.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696006/; classtype:trojan-activity;sid:84559106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696007)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.24.154.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696007/; classtype:trojan-activity;sid:84559107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695999)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"14.231.241.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695999/; classtype:trojan-activity;sid:84559099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696000)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"188.80.142.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696000/; classtype:trojan-activity;sid:84559100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696001)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"27.152.72.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696001/; classtype:trojan-activity;sid:84559101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696002)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"179.177.137.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696002/; classtype:trojan-activity;sid:84559102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695998)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.33.156.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695998/; classtype:trojan-activity;sid:84559098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695997)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"118.68.210.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695997/; classtype:trojan-activity;sid:84559097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695995)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"49.66.117.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695995/; classtype:trojan-activity;sid:84559095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695996)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.66.117.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695996/; classtype:trojan-activity;sid:84559096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695994)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.152.72.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695994/; classtype:trojan-activity;sid:84559094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695993)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"125.80.194.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695993/; classtype:trojan-activity;sid:84559093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695990)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.187.240.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695990/; classtype:trojan-activity;sid:84559090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695991)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"188.80.142.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695991/; classtype:trojan-activity;sid:84559091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695992)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"113.218.212.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695992/; classtype:trojan-activity;sid:84559092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695988)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.177.137.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695988/; classtype:trojan-activity;sid:84559088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695989)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"120.33.156.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695989/; classtype:trojan-activity;sid:84559089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695983)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"179.187.240.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695983/; classtype:trojan-activity;sid:84559083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695984)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.225.163.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695984/; classtype:trojan-activity;sid:84559084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695985)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"75.18.210.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695985/; classtype:trojan-activity;sid:84559085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695986)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.152.72.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695986/; classtype:trojan-activity;sid:84559086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695987)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.185.182.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695987/; classtype:trojan-activity;sid:84559087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695980)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"220.162.32.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695980/; classtype:trojan-activity;sid:84559080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695981)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.177.137.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695981/; classtype:trojan-activity;sid:84559081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695982)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"118.68.210.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695982/; classtype:trojan-activity;sid:84559082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695977)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.213.84.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695977/; classtype:trojan-activity;sid:84559077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695978)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"79.45.141.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695978/; classtype:trojan-activity;sid:84559078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695979)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"189.159.103.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695979/; classtype:trojan-activity;sid:84559079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695975)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"79.45.141.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695975/; classtype:trojan-activity;sid:84559075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695976)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.166.169.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695976/; classtype:trojan-activity;sid:84559076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695970)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"188.81.205.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695970/; classtype:trojan-activity;sid:84559070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695971)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"184.148.6.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695971/; classtype:trojan-activity;sid:84559071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695972)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"125.80.194.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695972/; classtype:trojan-activity;sid:84559072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695973)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"187.213.84.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695973/; classtype:trojan-activity;sid:84559073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695974)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"42.116.145.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695974/; classtype:trojan-activity;sid:84559074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695966)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.66.117.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695966/; classtype:trojan-activity;sid:84559066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695967)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.162.32.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695967/; classtype:trojan-activity;sid:84559067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695968)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.177.137.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695968/; classtype:trojan-activity;sid:84559068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695969)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"14.231.241.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695969/; classtype:trojan-activity;sid:84559069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695961)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"118.68.210.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695961/; classtype:trojan-activity;sid:84559061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695962)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.240.238.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695962/; classtype:trojan-activity;sid:84559062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695963)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"125.80.194.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695963/; classtype:trojan-activity;sid:84559063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695964)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"75.18.210.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695964/; classtype:trojan-activity;sid:84559064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695965)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"190.166.169.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695965/; classtype:trojan-activity;sid:84559065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695958)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"27.152.147.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695958/; classtype:trojan-activity;sid:84559058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695959)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"116.48.27.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695959/; classtype:trojan-activity;sid:84559059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695960)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.225.163.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695960/; classtype:trojan-activity;sid:84559060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695954)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.75.107.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695954/; classtype:trojan-activity;sid:84559054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695955)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"76.94.199.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695955/; classtype:trojan-activity;sid:84559055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695956)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"75.18.210.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695956/; classtype:trojan-activity;sid:84559056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695957)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.103.71.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695957/; classtype:trojan-activity;sid:84559057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695952)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"166.143.253.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695952/; classtype:trojan-activity;sid:84559052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695953)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.152.72.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695953/; classtype:trojan-activity;sid:84559053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695949)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"188.80.142.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695949/; classtype:trojan-activity;sid:84559049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695950)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"184.148.6.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695950/; classtype:trojan-activity;sid:84559050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695951)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.201.211.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695951/; classtype:trojan-activity;sid:84559051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695945)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.163.97.14"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695945/; classtype:trojan-activity;sid:84559045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695946)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"188.81.205.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695946/; classtype:trojan-activity;sid:84559046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695947)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.75.107.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695947/; classtype:trojan-activity;sid:84559047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695948)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"166.143.253.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695948/; classtype:trojan-activity;sid:84559048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695940)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.83.100.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695940/; classtype:trojan-activity;sid:84559040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695941)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.80.194.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695941/; classtype:trojan-activity;sid:84559041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695942)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.152.147.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695942/; classtype:trojan-activity;sid:84559042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695943)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"42.114.138.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695943/; classtype:trojan-activity;sid:84559043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695944)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.240.238.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695944/; classtype:trojan-activity;sid:84559044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695938)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.152.147.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695938/; classtype:trojan-activity;sid:84559038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695939)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.80.223.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695939/; classtype:trojan-activity;sid:84559039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695937)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"166.143.253.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695937/; classtype:trojan-activity;sid:84559037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695934)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"42.114.138.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695934/; classtype:trojan-activity;sid:84559034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695935)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.83.100.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695935/; classtype:trojan-activity;sid:84559035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695936)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"125.79.96.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695936/; classtype:trojan-activity;sid:84559036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695926)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"175.206.229.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695926/; classtype:trojan-activity;sid:84559026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695927)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"152.0.30.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695927/; classtype:trojan-activity;sid:84559027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695928)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"87.70.172.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695928/; classtype:trojan-activity;sid:84559028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695929)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.48.27.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695929/; classtype:trojan-activity;sid:84559029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695930)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"138.188.34.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695930/; classtype:trojan-activity;sid:84559030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695931)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"75.18.210.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695931/; classtype:trojan-activity;sid:84559031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695932)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"190.166.169.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695932/; classtype:trojan-activity;sid:84559032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695933)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"42.114.138.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695933/; classtype:trojan-activity;sid:84559033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695923)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"63.47.210.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695923/; classtype:trojan-activity;sid:84559023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695924)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.152.147.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695924/; classtype:trojan-activity;sid:84559024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695925)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.187.240.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695925/; classtype:trojan-activity;sid:84559025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695916)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.48.27.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695916/; classtype:trojan-activity;sid:84559016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695917)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"187.201.211.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695917/; classtype:trojan-activity;sid:84559017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695918)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.66.117.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695918/; classtype:trojan-activity;sid:84559018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695919)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"189.159.103.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695919/; classtype:trojan-activity;sid:84559019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695920)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"76.94.199.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695920/; classtype:trojan-activity;sid:84559020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695921)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"152.0.30.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695921/; classtype:trojan-activity;sid:84559021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695922)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"120.33.156.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695922/; classtype:trojan-activity;sid:84559022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695913)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.167.31.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695913/; classtype:trojan-activity;sid:84559013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695914)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"118.68.210.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695914/; classtype:trojan-activity;sid:84559014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695915)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"125.80.223.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695915/; classtype:trojan-activity;sid:84559015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695911)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"120.33.156.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695911/; classtype:trojan-activity;sid:84559011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695912)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.48.27.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695912/; classtype:trojan-activity;sid:84559012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695908)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.80.223.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695908/; classtype:trojan-activity;sid:84559008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695909)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"201.103.71.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695909/; classtype:trojan-activity;sid:84559009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695910)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"125.79.96.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695910/; classtype:trojan-activity;sid:84559010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695907)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.152.147.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695907/; classtype:trojan-activity;sid:84559007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695906)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.81.205.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695906/; classtype:trojan-activity;sid:84559006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695905)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"184.148.6.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695905/; classtype:trojan-activity;sid:84559005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695903)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.80.194.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695903/; classtype:trojan-activity;sid:84559003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695904)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.240.238.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695904/; classtype:trojan-activity;sid:84559004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695902)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"152.0.30.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695902/; classtype:trojan-activity;sid:84559002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695898)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.147.155.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695898/; classtype:trojan-activity;sid:84558998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695899)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"189.159.103.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695899/; classtype:trojan-activity;sid:84558999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695900)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"189.159.103.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695900/; classtype:trojan-activity;sid:84559000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695901)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.152.72.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695901/; classtype:trojan-activity;sid:84559001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695894)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.187.240.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695894/; classtype:trojan-activity;sid:84558994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695895)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"187.201.211.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695895/; classtype:trojan-activity;sid:84558995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695896)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"125.79.96.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695896/; classtype:trojan-activity;sid:84558996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695897)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"138.188.34.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695897/; classtype:trojan-activity;sid:84558997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695889)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.231.241.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695889/; classtype:trojan-activity;sid:84558989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695890)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.42.75.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695890/; classtype:trojan-activity;sid:84558990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695891)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.48.27.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695891/; classtype:trojan-activity;sid:84558991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695892)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.68.210.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695892/; classtype:trojan-activity;sid:84558992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695893)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"116.48.27.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695893/; classtype:trojan-activity;sid:84558993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695886)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"190.166.169.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695886/; classtype:trojan-activity;sid:84558986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695887)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.167.31.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695887/; classtype:trojan-activity;sid:84558987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695888)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.80.142.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695888/; classtype:trojan-activity;sid:84558988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695882)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.152.147.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695882/; classtype:trojan-activity;sid:84558982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695883)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.187.240.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695883/; classtype:trojan-activity;sid:84558983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695884)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.94.199.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695884/; classtype:trojan-activity;sid:84558984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695885)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"118.44.41.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695885/; classtype:trojan-activity;sid:84558985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695880)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.70.172.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695880/; classtype:trojan-activity;sid:84558980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695881)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"79.45.141.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695881/; classtype:trojan-activity;sid:84558981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695879)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.33.156.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695879/; classtype:trojan-activity;sid:84558979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695878)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.218.212.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695878/; classtype:trojan-activity;sid:84558978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695876)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"1.163.97.14"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695876/; classtype:trojan-activity;sid:84558976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695877)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.185.182.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695877/; classtype:trojan-activity;sid:84558977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695869)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"63.47.210.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695869/; classtype:trojan-activity;sid:84558969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695870)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.185.182.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695870/; classtype:trojan-activity;sid:84558970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695871)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.209.133.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695871/; classtype:trojan-activity;sid:84558971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695872)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.24.154.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695872/; classtype:trojan-activity;sid:84558972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695873)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"27.75.107.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695873/; classtype:trojan-activity;sid:84558973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695874)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.103.71.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695874/; classtype:trojan-activity;sid:84558974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695875)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.94.199.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695875/; classtype:trojan-activity;sid:84558975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695868)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.91.141.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695868/; classtype:trojan-activity;sid:84558968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695867)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"179.167.31.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695867/; classtype:trojan-activity;sid:84558967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695862)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.152.147.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695862/; classtype:trojan-activity;sid:84558962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695863)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.152.72.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695863/; classtype:trojan-activity;sid:84558963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695864)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"177.42.75.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695864/; classtype:trojan-activity;sid:84558964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695865)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.185.182.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695865/; classtype:trojan-activity;sid:84558965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695866)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"125.133.187.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695866/; classtype:trojan-activity;sid:84558966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695861)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"187.225.163.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695861/; classtype:trojan-activity;sid:84558961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695859)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"79.45.141.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695859/; classtype:trojan-activity;sid:84558959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695860)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.152.72.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695860/; classtype:trojan-activity;sid:84558960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695858)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"184.148.6.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695858/; classtype:trojan-activity;sid:84558958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695855)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"187.209.133.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695855/; classtype:trojan-activity;sid:84558955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695856)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"177.42.75.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695856/; classtype:trojan-activity;sid:84558956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695857)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"210.104.172.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695857/; classtype:trojan-activity;sid:84558957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695854)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.76.156.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695854/; classtype:trojan-activity;sid:84558954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695852)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"187.201.211.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695852/; classtype:trojan-activity;sid:84558952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695853)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"222.116.86.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695853/; classtype:trojan-activity;sid:84558953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695847)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"117.24.154.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695847/; classtype:trojan-activity;sid:84558947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695848)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.75.107.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695848/; classtype:trojan-activity;sid:84558948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695849)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.79.96.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695849/; classtype:trojan-activity;sid:84558949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695850)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"117.24.154.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695850/; classtype:trojan-activity;sid:84558950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695851)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.240.238.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695851/; classtype:trojan-activity;sid:84558951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695845)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"120.33.156.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695845/; classtype:trojan-activity;sid:84558945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695846)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.177.137.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695846/; classtype:trojan-activity;sid:84558946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695843)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"118.68.210.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695843/; classtype:trojan-activity;sid:84558943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695844)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"188.81.205.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695844/; classtype:trojan-activity;sid:84558944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695839)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"14.231.241.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695839/; classtype:trojan-activity;sid:84558939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695840)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"217.96.33.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695840/; classtype:trojan-activity;sid:84558940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695841)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"14.48.188.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695841/; classtype:trojan-activity;sid:84558941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695842)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.81.205.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695842/; classtype:trojan-activity;sid:84558942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695836)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"188.80.142.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695836/; classtype:trojan-activity;sid:84558936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695837)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"187.225.163.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695837/; classtype:trojan-activity;sid:84558937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695838)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.80.142.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695838/; classtype:trojan-activity;sid:84558938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695832)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.187.240.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695832/; classtype:trojan-activity;sid:84558932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695833)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"189.159.103.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695833/; classtype:trojan-activity;sid:84558933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695834)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"1.163.97.14"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695834/; classtype:trojan-activity;sid:84558934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695835)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.185.182.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695835/; classtype:trojan-activity;sid:84558935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695825)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.166.169.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695825/; classtype:trojan-activity;sid:84558925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695826)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.166.169.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695826/; classtype:trojan-activity;sid:84558926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695827)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"63.47.210.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695827/; classtype:trojan-activity;sid:84558927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695828)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"190.166.169.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695828/; classtype:trojan-activity;sid:84558928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695829)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.66.117.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695829/; classtype:trojan-activity;sid:84558929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695830)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"63.47.210.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695830/; classtype:trojan-activity;sid:84558930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695831)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.213.84.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695831/; classtype:trojan-activity;sid:84558931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695824)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"125.137.108.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695824/; classtype:trojan-activity;sid:84558924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695823)"; flow:established,from_client; content:"GET"; http_method; content:"/k5iw8j11zu.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"g6.85cu3895.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695823/; classtype:trojan-activity;sid:84558923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695822)"; flow:established,from_client; content:"GET"; http_method; content:"/1gj0jj8c"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"1c.03e3x.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695822/; classtype:trojan-activity;sid:84558922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695821)"; flow:established,from_client; content:"GET"; http_method; content:"/p0.google|3f|t=wixdwvj9"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"1c.03e3x.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695821/; classtype:trojan-activity;sid:84558921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695820)"; flow:established,from_client; content:"GET"; http_method; content:"/0nba72ikf7.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"z3w4.1051lt6.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695820/; classtype:trojan-activity;sid:84558920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695819)"; flow:established,from_client; content:"GET"; http_method; content:"/nbykhc42b1.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"z3w4.1051lt6.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695819/; classtype:trojan-activity;sid:84558919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695818)"; flow:established,from_client; content:"GET"; http_method; content:"/jh.check|3f|t=7q9l7l5u"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"aw.614lo.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695818/; classtype:trojan-activity;sid:84558918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695816)"; flow:established,from_client; content:"GET"; http_method; content:"/st.google|3f|t=u2kza7zq"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"6g.w8i0h.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695816/; classtype:trojan-activity;sid:84558916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695817)"; flow:established,from_client; content:"GET"; http_method; content:"/cm0euyb4yz.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"7bn.1051lt6.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695817/; classtype:trojan-activity;sid:84558917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695815)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.54.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695815/; classtype:trojan-activity;sid:84558915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695814)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.254.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695814/; classtype:trojan-activity;sid:84558914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695813)"; flow:established,from_client; content:"GET"; http_method; content:"/b4y86n2h"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"6g.w8i0h.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695813/; classtype:trojan-activity;sid:84558913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695812)"; flow:established,from_client; content:"GET"; http_method; content:"/hy5dt03lkq.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"t.ba2q7q.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695812/; classtype:trojan-activity;sid:84558912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695811)"; flow:established,from_client; content:"GET"; http_method; content:"/i5l.check|3f|t=r1l8egt7"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"yb.oc57y.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695811/; classtype:trojan-activity;sid:84558911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695810)"; flow:established,from_client; content:"GET"; http_method; content:"/gzhxqjy6am.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"7bn.1051lt6.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695810/; classtype:trojan-activity;sid:84558910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695809)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.151.174.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695809/; classtype:trojan-activity;sid:84558909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695808)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.54.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695808/; classtype:trojan-activity;sid:84558908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695807)"; flow:established,from_client; content:"GET"; http_method; content:"/4yk9l617v4.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"7bn.1051lt6.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695807/; classtype:trojan-activity;sid:84558907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695806)"; flow:established,from_client; content:"GET"; http_method; content:"/e2j.google|3f|t=mvwsk8he"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"ch.hb0-e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695806/; classtype:trojan-activity;sid:84558906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695805)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695805/; classtype:trojan-activity;sid:84558905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695804)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.103.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695804/; classtype:trojan-activity;sid:84558904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695803)"; flow:established,from_client; content:"GET"; http_method; content:"/hwxgn41ld1.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"m0t.1051lt6.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695803/; classtype:trojan-activity;sid:84558903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695802)"; flow:established,from_client; content:"GET"; http_method; content:"/xw.google|3f|t=9whyumy1"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"gw.888-c.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695802/; classtype:trojan-activity;sid:84558902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695801)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.32.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695801/; classtype:trojan-activity;sid:84558901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695800)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.80.8"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695800/; classtype:trojan-activity;sid:84558900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695799)"; flow:established,from_client; content:"GET"; http_method; content:"/ikb8dc55"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"gw.888-c.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695799/; classtype:trojan-activity;sid:84558899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695798)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.128.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695798/; classtype:trojan-activity;sid:84558898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695797)"; flow:established,from_client; content:"GET"; http_method; content:"/z9w6qf7bve.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"z9m2.ba2q7q.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695797/; classtype:trojan-activity;sid:84558897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695796)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.203.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695796/; classtype:trojan-activity;sid:84558896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695795)"; flow:established,from_client; content:"GET"; http_method; content:"/gutiknyka1.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"v91.1051lt6.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695795/; classtype:trojan-activity;sid:84558895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695794)"; flow:established,from_client; content:"GET"; http_method; content:"/fjg.google|3f|t=sgj5oo9x"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"5d.8b-1d.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695794/; classtype:trojan-activity;sid:84558894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695793)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.72.187"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695793/; classtype:trojan-activity;sid:84558893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695791)"; flow:established,from_client; content:"GET"; http_method; content:"/n2mwjhrf"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5d.8b-1d.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695791/; classtype:trojan-activity;sid:84558891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695792)"; flow:established,from_client; content:"GET"; http_method; content:"/mbqlsa3myz.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"z9m2.ba2q7q.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695792/; classtype:trojan-activity;sid:84558892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695789)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.137.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695789/; classtype:trojan-activity;sid:84558889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695790)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.185.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695790/; classtype:trojan-activity;sid:84558890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695788)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.32.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695788/; classtype:trojan-activity;sid:84558888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695787)"; flow:established,from_client; content:"GET"; http_method; content:"/nf8i0tkya9.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"w1.ba2q7q.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695787/; classtype:trojan-activity;sid:84558887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695786)"; flow:established,from_client; content:"GET"; http_method; content:"/exk4b9kj"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"j0.95tbm.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695786/; classtype:trojan-activity;sid:84558886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695784)"; flow:established,from_client; content:"GET"; http_method; content:"/zi.check|3f|t=3uerqqyn"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"j0.95tbm.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695784/; classtype:trojan-activity;sid:84558884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695785)"; flow:established,from_client; content:"GET"; http_method; content:"/t625vgszcb.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"h2x.1051lt6.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695785/; classtype:trojan-activity;sid:84558885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695783)"; flow:established,from_client; content:"GET"; http_method; content:"/krnyzd7oto.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"w1.ba2q7q.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695783/; classtype:trojan-activity;sid:84558883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695782)"; flow:established,from_client; content:"GET"; http_method; content:"/1wb90e3g"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"2d.55-0p.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695782/; classtype:trojan-activity;sid:84558882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695781)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.6.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695781/; classtype:trojan-activity;sid:84558881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695780)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.185.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695780/; classtype:trojan-activity;sid:84558880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695778)"; flow:established,from_client; content:"GET"; http_method; content:"/wk1.check|3f|t=p4lltq8w"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"2d.55-0p.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695778/; classtype:trojan-activity;sid:84558878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695779)"; flow:established,from_client; content:"GET"; http_method; content:"/ykihrj3tzb.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"h2x.1051lt6.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695779/; classtype:trojan-activity;sid:84558879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695777)"; flow:established,from_client; content:"GET"; http_method; content:"/166/sfdkjs0d9cv00s9f900f920f30sd090bcv09dg90s90g0dfg09g0d0g90dg9g8dg09g0d.txt"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"23.95.243.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695777/; classtype:trojan-activity;sid:84558877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695776)"; flow:established,from_client; content:"GET"; http_method; content:"/98/9hg990ghhgh998hhgb76bc45dfdhfgfhghh09jghhg990900hhghh889ghgh99989.txt"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"192.3.136.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695776/; classtype:trojan-activity;sid:84558876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695775)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"71.34.215.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695775/; classtype:trojan-activity;sid:84558875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695774)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.127.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695774/; classtype:trojan-activity;sid:84558874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695773)"; flow:established,from_client; content:"GET"; http_method; content:"/qpy4ej4kpzpypyf.com"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.92.240.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695773/; classtype:trojan-activity;sid:84558873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695772)"; flow:established,from_client; content:"GET"; http_method; content:"/hdrmu2ezke.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"q5.1051lt6.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695772/; classtype:trojan-activity;sid:84558872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695771)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.170.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695771/; classtype:trojan-activity;sid:84558871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695770)"; flow:established,from_client; content:"GET"; http_method; content:"/stc.google|3f|t=93f8qj3j"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"hw.3u-6.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695770/; classtype:trojan-activity;sid:84558870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695769)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.188.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695769/; classtype:trojan-activity;sid:84558869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695768)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.175.8.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695768/; classtype:trojan-activity;sid:84558868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695767)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"71.34.215.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695767/; classtype:trojan-activity;sid:84558867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695766)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/v1/object/public/housewkk/clientvonnupload.txt"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"vqfdkhdzsgauegpvqiem.supabase.co"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695766/; classtype:trojan-activity;sid:84558866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695765)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1elk1ala9fwycen1cvci2w9m_psm-czha"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695765/; classtype:trojan-activity;sid:84558865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695763)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=17iw7qlvdem64gjkqsma2zaahzpq_o4zv"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695763/; classtype:trojan-activity;sid:84558863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695764)"; flow:established,from_client; content:"GET"; http_method; content:"/f/gsqx9mrc64qodzwb25nqbxkeg2aaywu07ctpzdv5sodn8rij|3f|12711343|3f|12711343"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"3zd6k5n6q3.ufs.sh"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695764/; classtype:trojan-activity;sid:84558864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695762)"; flow:established,from_client; content:"GET"; http_method; content:"/apps.bin"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"go19.tarotbag.digital"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695762/; classtype:trojan-activity;sid:84558862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695761)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/video.scr"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695761/; classtype:trojan-activity;sid:84558861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695760)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/forge/photo.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695760/; classtype:trojan-activity;sid:84558860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695759)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/forge/av.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695759/; classtype:trojan-activity;sid:84558859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695758)"; flow:established,from_client; content:"GET"; http_method; content:"/images/photo.scr"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695758/; classtype:trojan-activity;sid:84558858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695757)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/av.scr"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695757/; classtype:trojan-activity;sid:84558857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695756)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695756/; classtype:trojan-activity;sid:84558856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695755)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/lang-data/av.scr"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695755/; classtype:trojan-activity;sid:84558855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695754)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/lang-data/video.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695754/; classtype:trojan-activity;sid:84558854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695753)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/forge/video.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695753/; classtype:trojan-activity;sid:84558853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695752)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/av.scr"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695752/; classtype:trojan-activity;sid:84558852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695750)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695750/; classtype:trojan-activity;sid:84558850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695751)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/video.scr"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695751/; classtype:trojan-activity;sid:84558851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695749)"; flow:established,from_client; content:"GET"; http_method; content:"/images/av.scr"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695749/; classtype:trojan-activity;sid:84558849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695748)"; flow:established,from_client; content:"GET"; http_method; content:"/modules/video.scr"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695748/; classtype:trojan-activity;sid:84558848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695747)"; flow:established,from_client; content:"GET"; http_method; content:"/images/video.scr"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695747/; classtype:trojan-activity;sid:84558847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695745)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/photo.scr"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695745/; classtype:trojan-activity;sid:84558845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695746)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/fonts/photo.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695746/; classtype:trojan-activity;sid:84558846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695744)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/lang-data/photo.scr"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695744/; classtype:trojan-activity;sid:84558844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695743)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/photo.scr"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695743/; classtype:trojan-activity;sid:84558843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695742)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695742/; classtype:trojan-activity;sid:84558842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695741)"; flow:established,from_client; content:"GET"; http_method; content:"/modules/av.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695741/; classtype:trojan-activity;sid:84558841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695740)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/fonts/video.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695740/; classtype:trojan-activity;sid:84558840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695738)"; flow:established,from_client; content:"GET"; http_method; content:"/images/photo.lnk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695738/; classtype:trojan-activity;sid:84558838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695739)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/lang-data/video.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695739/; classtype:trojan-activity;sid:84558839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695732)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/video.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695732/; classtype:trojan-activity;sid:84558832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695733)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/av.lnk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695733/; classtype:trojan-activity;sid:84558833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695734)"; flow:established,from_client; content:"GET"; http_method; content:"/modules/photo.scr"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695734/; classtype:trojan-activity;sid:84558834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695735)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/forge/video.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695735/; classtype:trojan-activity;sid:84558835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695736)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/lang-data/photo.lnk"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695736/; classtype:trojan-activity;sid:84558836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695737)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/fonts/video.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695737/; classtype:trojan-activity;sid:84558837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695731)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/fonts/av.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695731/; classtype:trojan-activity;sid:84558831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695713)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/lang-data/av.lnk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695713/; classtype:trojan-activity;sid:84558813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695714)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695714/; classtype:trojan-activity;sid:84558814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695715)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/tesseract/photo.lnk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695715/; classtype:trojan-activity;sid:84558815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695716)"; flow:established,from_client; content:"GET"; http_method; content:"/images/video.lnk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695716/; classtype:trojan-activity;sid:84558816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695717)"; flow:established,from_client; content:"GET"; http_method; content:"/images/av.lnk"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695717/; classtype:trojan-activity;sid:84558817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695718)"; flow:established,from_client; content:"GET"; http_method; content:"/modules/photo.lnk"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695718/; classtype:trojan-activity;sid:84558818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695719)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/av.lnk"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695719/; classtype:trojan-activity;sid:84558819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695720)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/fonts/photo.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695720/; classtype:trojan-activity;sid:84558820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695721)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/forge/av.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695721/; classtype:trojan-activity;sid:84558821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695722)"; flow:established,from_client; content:"GET"; http_method; content:"/modules/av.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695722/; classtype:trojan-activity;sid:84558822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695723)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695723/; classtype:trojan-activity;sid:84558823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695724)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.113.227.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695724/; classtype:trojan-activity;sid:84558824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695725)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/photo.lnk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695725/; classtype:trojan-activity;sid:84558825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695726)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695726/; classtype:trojan-activity;sid:84558826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695727)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/forge/photo.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695727/; classtype:trojan-activity;sid:84558827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695728)"; flow:established,from_client; content:"GET"; http_method; content:"/modules/video.lnk"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695728/; classtype:trojan-activity;sid:84558828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695729)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/fonts/av.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695729/; classtype:trojan-activity;sid:84558829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695730)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/video.lnk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"182.143.114.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695730/; classtype:trojan-activity;sid:84558830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695709)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/info.zip"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695709/; classtype:trojan-activity;sid:84558809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695710)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.22.95.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695710/; classtype:trojan-activity;sid:84558810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695711)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695711/; classtype:trojan-activity;sid:84558811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695712)"; flow:established,from_client; content:"GET"; http_method; content:"/canicattennis_v_1_4/appdata/settings/info.zip"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"80.211.134.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695712/; classtype:trojan-activity;sid:84558812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695708)"; flow:established,from_client; content:"GET"; http_method; content:"/3hxfee.ps1"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695708/; classtype:trojan-activity;sid:84558808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695707)"; flow:established,from_client; content:"GET"; http_method; content:"/gxh7ar04ov.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"r2q3.94e-w8.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695707/; classtype:trojan-activity;sid:84558807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695706)"; flow:established,from_client; content:"GET"; http_method; content:"/rjbm8prx"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"vo7.v4-z.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695706/; classtype:trojan-activity;sid:84558806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695705)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.69.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695705/; classtype:trojan-activity;sid:84558805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695704)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.72.187"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695704/; classtype:trojan-activity;sid:84558804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695703)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.38.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695703/; classtype:trojan-activity;sid:84558803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695702)"; flow:established,from_client; content:"GET"; http_method; content:"/fku2idu7nq.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"d2m1.q9-j341.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695702/; classtype:trojan-activity;sid:84558802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695701)"; flow:established,from_client; content:"GET"; http_method; content:"/2b.google|3f|t=cyaftco2"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"vo7.v4-z.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695701/; classtype:trojan-activity;sid:84558801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695700)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.38.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695700/; classtype:trojan-activity;sid:84558800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695699)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.219.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695699/; classtype:trojan-activity;sid:84558799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695698)"; flow:established,from_client; content:"GET"; http_method; content:"/gyg.check|3f|t=xfidqvnv"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"7h.5g-t.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695698/; classtype:trojan-activity;sid:84558798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695697)"; flow:established,from_client; content:"GET"; http_method; content:"/mlhcw0c5ca.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"vqx.q9-j341.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695697/; classtype:trojan-activity;sid:84558797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695696)"; flow:established,from_client; content:"GET"; http_method; content:"/1s.google|3f|t=lzm417vd"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"elk.yw9a.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695696/; classtype:trojan-activity;sid:84558796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695695)"; flow:established,from_client; content:"GET"; http_method; content:"/1s69gbt73n.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"y7m.94e-w8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695695/; classtype:trojan-activity;sid:84558795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695693)"; flow:established,from_client; content:"GET"; http_method; content:"/t76zc5cp"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"elk.yw9a.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695693/; classtype:trojan-activity;sid:84558793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695694)"; flow:established,from_client; content:"GET"; http_method; content:"/1p0ggfyjbe.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"vqx.q9-j341.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695694/; classtype:trojan-activity;sid:84558794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695692)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.27.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695692/; classtype:trojan-activity;sid:84558792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695691)"; flow:established,from_client; content:"GET"; http_method; content:"/8sy77e56hi.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"vqx.q9-j341.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695691/; classtype:trojan-activity;sid:84558791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695690)"; flow:established,from_client; content:"GET"; http_method; content:"/41h.google|3f|t=j5zkpkhl"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"h28.4qo8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695690/; classtype:trojan-activity;sid:84558790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695689)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.69.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695689/; classtype:trojan-activity;sid:84558789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695688)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.145.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695688/; classtype:trojan-activity;sid:84558788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695687)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.219.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695687/; classtype:trojan-activity;sid:84558787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695686)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.225.42.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695686/; classtype:trojan-activity;sid:84558786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695685)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.85.48.187"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695685/; classtype:trojan-activity;sid:84558785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695684)"; flow:established,from_client; content:"GET"; http_method; content:"/buqi59aoou.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"a7n.q9-j341.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695684/; classtype:trojan-activity;sid:84558784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695682)"; flow:established,from_client; content:"GET"; http_method; content:"/vene/hykle.lpk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"cadencevale.life"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695682/; classtype:trojan-activity;sid:84558782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695683)"; flow:established,from_client; content:"GET"; http_method; content:"/vene/tnjwjcvhyhgqqnxdipbauzvgbx47.bin"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"cadencevale.life"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695683/; classtype:trojan-activity;sid:84558783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695681)"; flow:established,from_client; content:"GET"; http_method; content:"/sxw.check|3f|t=jfwj1v65"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"hl.oqtx.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695681/; classtype:trojan-activity;sid:84558781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695680)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.27.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695680/; classtype:trojan-activity;sid:84558780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695679)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1hp1aeaimaxokv9_h_6atoxy_jw4k1npz"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695679/; classtype:trojan-activity;sid:84558779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695678)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1slw0vqvrpne3x00ynns2upjxd0v6-4gk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695678/; classtype:trojan-activity;sid:84558778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695677)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1gdw5hbnbzaqpwqqeguq2tbpo2o3quu9f"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695677/; classtype:trojan-activity;sid:84558777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695676)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1w0apomew6b1uahwuy-lbpaunx9cspqtx"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695676/; classtype:trojan-activity;sid:84558776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695675)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.225.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695675/; classtype:trojan-activity;sid:84558775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695674)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.92.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695674/; classtype:trojan-activity;sid:84558774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695673)"; flow:established,from_client; content:"GET"; http_method; content:"/order/server_encrypted.ps1"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"module.com.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695673/; classtype:trojan-activity;sid:84558773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695672)"; flow:established,from_client; content:"GET"; http_method; content:"/rowe176.pfm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"cloudlocalservice.duckdns.org"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695672/; classtype:trojan-activity;sid:84558772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695671)"; flow:established,from_client; content:"GET"; http_method; content:"/jade.bin"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cloudlocalservice.duckdns.org"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695671/; classtype:trojan-activity;sid:84558771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695670)"; flow:established,from_client; content:"GET"; http_method; content:"/9re6f5.ps1"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695670/; classtype:trojan-activity;sid:84558770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695669)"; flow:established,from_client; content:"GET"; http_method; content:"/w7kijjy0"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"hl.oqtx.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695669/; classtype:trojan-activity;sid:84558769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695668)"; flow:established,from_client; content:"GET"; http_method; content:"/7gav1zdbec.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"b0t.94e-w8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695668/; classtype:trojan-activity;sid:84558768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695667)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251104055349.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"nttgroups.co.za"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695667/; classtype:trojan-activity;sid:84558767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695666)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i468"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"89.35.130.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695666/; classtype:trojan-activity;sid:84558766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695665)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251103095040.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"nttgroups.co.za"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695665/; classtype:trojan-activity;sid:84558765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695664)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251103070609.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"nttgroups.co.za"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695664/; classtype:trojan-activity;sid:84558764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695663)"; flow:established,from_client; content:"GET"; http_method; content:"/6wcc0qr448.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"a7n.q9-j341.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695663/; classtype:trojan-activity;sid:84558763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695662)"; flow:established,from_client; content:"GET"; http_method; content:"/63.google|3f|t=kv4ol925"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"fh0.j935.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695662/; classtype:trojan-activity;sid:84558762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695659)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.93.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695659/; classtype:trojan-activity;sid:84558759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695660)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.116.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695660/; classtype:trojan-activity;sid:84558760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695661)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.54.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695661/; classtype:trojan-activity;sid:84558761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695652)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.187.104.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695652/; classtype:trojan-activity;sid:84558752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695653)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.54.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695653/; classtype:trojan-activity;sid:84558753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695654)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.23.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695654/; classtype:trojan-activity;sid:84558754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695655)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.7.222.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695655/; classtype:trojan-activity;sid:84558755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695656)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.96.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695656/; classtype:trojan-activity;sid:84558756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695657)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.114.224.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695657/; classtype:trojan-activity;sid:84558757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695658)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.64.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695658/; classtype:trojan-activity;sid:84558758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695651)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.203.92.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695651/; classtype:trojan-activity;sid:84558751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695647)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.187.104.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695647/; classtype:trojan-activity;sid:84558747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695648)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.239.255.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695648/; classtype:trojan-activity;sid:84558748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695649)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.190.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695649/; classtype:trojan-activity;sid:84558749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695650)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.119.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695650/; classtype:trojan-activity;sid:84558750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695646)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.126.86.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695646/; classtype:trojan-activity;sid:84558746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695645)"; flow:established,from_client; content:"GET"; http_method; content:"/img/kko/0hgg00076fhgh7988hnddsdfs43400hjhnbnb9090ghghg78090jjh090909ghghg00.hta"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"46.183.220.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695645/; classtype:trojan-activity;sid:84558745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695644)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5561582465/fz0oky4.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695644/; classtype:trojan-activity;sid:84558744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695641)"; flow:established,from_client; content:"GET"; http_method; content:"/98/9hg990ghhgh998hhgb76bc45dfdhfgfhghh09jghhg990900hhghh889ghgh99989.hta"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"192.3.136.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695641/; classtype:trojan-activity;sid:84558741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695642)"; flow:established,from_client; content:"GET"; http_method; content:"/480/sjdhf00vcb98sd0wjhjcmvnmsdfkjk0fs90c88b0d00s0cv89sdjjhj98vx0c0xc0v0cx08xcv0xcv.hta"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"23.95.103.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695642/; classtype:trojan-activity;sid:84558742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695643)"; flow:established,from_client; content:"GET"; http_method; content:"/166/sfdkjs0d9cv00s9f900f920f30sd090bcv09dg90s90g0dfg09g0d0g90dg9g8dg09g0d.hta"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"23.95.243.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695643/; classtype:trojan-activity;sid:84558743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695640)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.125.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695640/; classtype:trojan-activity;sid:84558740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695639)"; flow:established,from_client; content:"GET"; http_method; content:"/144/fsdf90sfcxv0sdf0f8g8dg0a00sd000sd88sdf090adf0sd0f90sdf00sdf00sdf0.hta"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"192.3.47.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695639/; classtype:trojan-activity;sid:84558739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695638)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.225.42.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695638/; classtype:trojan-activity;sid:84558738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695637)"; flow:established,from_client; content:"GET"; http_method; content:"/nqog2bghx3.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"x.94e-w8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695637/; classtype:trojan-activity;sid:84558737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695634)"; flow:established,from_client; content:"GET"; http_method; content:"/2b37i9op"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"fh0.j935.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695634/; classtype:trojan-activity;sid:84558734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695635)"; flow:established,from_client; content:"GET"; http_method; content:"/cq.check|3f|t=rb5nnhz9"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"qfe.znx7.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695635/; classtype:trojan-activity;sid:84558735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695636)"; flow:established,from_client; content:"GET"; http_method; content:"/gxna5q8jbq.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t19.q9-j341.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695636/; classtype:trojan-activity;sid:84558736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695633)"; flow:established,from_client; content:"GET"; http_method; content:"/s/tax%20violation%20code.msi"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"dogist.top"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695633/; classtype:trojan-activity;sid:84558733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695632)"; flow:established,from_client; content:"GET"; http_method; content:"/155/sdf090cxv9s0w90200sdf0xcv0908dfg90g809sd09g8sgdfg090xcv88v9x9v9d9sd9f9s8d.hta"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"209.54.103.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695632/; classtype:trojan-activity;sid:84558732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695631)"; flow:established,from_client; content:"GET"; http_method; content:"/nueva%20carpeta/copi.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"hostphpwindowsdriversappsos.duckdns.org"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695631/; classtype:trojan-activity;sid:84558731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695630)"; flow:established,from_client; content:"GET"; http_method; content:"/528yi33v3p.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t19.q9-j341.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695630/; classtype:trojan-activity;sid:84558730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695629)"; flow:established,from_client; content:"GET"; http_method; content:"/rh7.google|3f|t=4f0p0oja"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"82.j-7m.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695629/; classtype:trojan-activity;sid:84558729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695628)"; flow:established,from_client; content:"GET"; http_method; content:"/download/optimized_msi_20251026/optimized_msi.png"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"archive.org"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695628/; classtype:trojan-activity;sid:84558728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695627)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.92.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695627/; classtype:trojan-activity;sid:84558727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695626)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251102171220.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sxcvxzxcvcxzo.lovestoblog.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695626/; classtype:trojan-activity;sid:84558726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695623)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251102211554.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sxcvxzxcvcxzo.lovestoblog.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695623/; classtype:trojan-activity;sid:84558723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695624)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251103063144.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sxcvxzxcvcxzo.lovestoblog.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695624/; classtype:trojan-activity;sid:84558724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695625)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251101003850.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sxcvxzxcvcxzo.lovestoblog.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695625/; classtype:trojan-activity;sid:84558725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695621)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251030181807.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sxcvxzxcvcxzo.lovestoblog.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695621/; classtype:trojan-activity;sid:84558721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695622)"; flow:established,from_client; content:"GET"; http_method; content:"/34/items/msi-pro-with-b-64_20251031/msi_pro_with_b64.png"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"ia601401.us.archive.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695622/; classtype:trojan-activity;sid:84558722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695619)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251102171235.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sxcvxzxcvcxzo.lovestoblog.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695619/; classtype:trojan-activity;sid:84558719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695620)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251103153516.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sxcvxzxcvcxzo.lovestoblog.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695620/; classtype:trojan-activity;sid:84558720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695615)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251102211531.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sxcvxzxcvcxzo.lovestoblog.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695615/; classtype:trojan-activity;sid:84558715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695616)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251103161159.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sxcvxzxcvcxzo.lovestoblog.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695616/; classtype:trojan-activity;sid:84558716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695617)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251103162541.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sxcvxzxcvcxzo.lovestoblog.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695617/; classtype:trojan-activity;sid:84558717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695618)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251103153506.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sxcvxzxcvcxzo.lovestoblog.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695618/; classtype:trojan-activity;sid:84558718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695610)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251103084058.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sxcvxzxcvcxzo.lovestoblog.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695610/; classtype:trojan-activity;sid:84558710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695611)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251103162550.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sxcvxzxcvcxzo.lovestoblog.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695611/; classtype:trojan-activity;sid:84558711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695612)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251103170459.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sxcvxzxcvcxzo.lovestoblog.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695612/; classtype:trojan-activity;sid:84558712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695613)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251103063134.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sxcvxzxcvcxzo.lovestoblog.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695613/; classtype:trojan-activity;sid:84558713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695614)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251101003838.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sxcvxzxcvcxzo.lovestoblog.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695614/; classtype:trojan-activity;sid:84558714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695606)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251103170506.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sxcvxzxcvcxzo.lovestoblog.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695606/; classtype:trojan-activity;sid:84558706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695607)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251030181852.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sxcvxzxcvcxzo.lovestoblog.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695607/; classtype:trojan-activity;sid:84558707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695608)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251103161207.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sxcvxzxcvcxzo.lovestoblog.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695608/; classtype:trojan-activity;sid:84558708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695609)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251103084110.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"sxcvxzxcvcxzo.lovestoblog.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695609/; classtype:trojan-activity;sid:84558709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695605)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.222.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695605/; classtype:trojan-activity;sid:84558705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695604)"; flow:established,from_client; content:"GET"; http_method; content:"/b4r.google|3f|t=vbqka5v2"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"6zy.l-ly.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695604/; classtype:trojan-activity;sid:84558704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695603)"; flow:established,from_client; content:"GET"; http_method; content:"/2bewe7f61u.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mz4.q9-j341.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695603/; classtype:trojan-activity;sid:84558703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695601)"; flow:established,from_client; content:"GET"; http_method; content:"/xx1.google|3f|t=13v5qa19"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"ug0.k7t0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695601/; classtype:trojan-activity;sid:84558701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695602)"; flow:established,from_client; content:"GET"; http_method; content:"/zlm43v91vn.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mz4.q9-j341.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695602/; classtype:trojan-activity;sid:84558702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695600)"; flow:established,from_client; content:"GET"; http_method; content:"/sr0ar3ti"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ug0.k7t0.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695600/; classtype:trojan-activity;sid:84558700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695599)"; flow:established,from_client; content:"GET"; http_method; content:"/1g98nbyr2a.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"p9z1.94e-w8.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695599/; classtype:trojan-activity;sid:84558699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695598)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.140.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695598/; classtype:trojan-activity;sid:84558698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695596)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"89.35.130.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695596/; classtype:trojan-activity;sid:84558696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695597)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.35.130.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695597/; classtype:trojan-activity;sid:84558697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695595)"; flow:established,from_client; content:"GET"; http_method; content:"/host/droid.ps1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"216.250.252.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695595/; classtype:trojan-activity;sid:84558695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695593)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/debug"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"89.35.130.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695593/; classtype:trojan-activity;sid:84558693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695594)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.spc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"89.35.130.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695594/; classtype:trojan-activity;sid:84558694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695589)"; flow:established,from_client; content:"GET"; http_method; content:"/446/fsfjjs903dsf8328sd3930f03303fsdsft233030g484030f309fdfg320400rtetdfg0xc3049gdf329dg20.txt"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"192.3.136.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695589/; classtype:trojan-activity;sid:84558689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695590)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695590/; classtype:trojan-activity;sid:84558690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695591)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695591/; classtype:trojan-activity;sid:84558691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695592)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695592/; classtype:trojan-activity;sid:84558692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695588)"; flow:established,from_client; content:"GET"; http_method; content:"/y3/0i/wguebpwkec.dat"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"193.160.32.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695588/; classtype:trojan-activity;sid:84558688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695587)"; flow:established,from_client; content:"GET"; http_method; content:"/y3/0i/ujkawf.mp4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"193.160.32.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695587/; classtype:trojan-activity;sid:84558687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695586)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.151.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695586/; classtype:trojan-activity;sid:84558686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695583)"; flow:established,from_client; content:"GET"; http_method; content:"/action-reader2025/doc/invoice-readerxx67384xx2025.msi"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"185.145.97.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695583/; classtype:trojan-activity;sid:84558683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695584)"; flow:established,from_client; content:"GET"; http_method; content:"/reader2025/doc/invoice-readerxx67384xx2025.msi"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"185.145.97.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695584/; classtype:trojan-activity;sid:84558684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695585)"; flow:established,from_client; content:"GET"; http_method; content:"/action-reader/doc/invoice-readerxx67384xx2025.msi"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"185.145.97.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695585/; classtype:trojan-activity;sid:84558685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695582)"; flow:established,from_client; content:"GET"; http_method; content:"/hfxv3j0mz2.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k3.q9-j341.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695582/; classtype:trojan-activity;sid:84558682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695581)"; flow:established,from_client; content:"GET"; http_method; content:"/jsu.check|3f|t=h8ok1myc"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"00.0fv1.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695581/; classtype:trojan-activity;sid:84558681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695580)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.15.117.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695580/; classtype:trojan-activity;sid:84558680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695579)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.172.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695579/; classtype:trojan-activity;sid:84558679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695578)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.53.222.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695578/; classtype:trojan-activity;sid:84558678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695575)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.114.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695575/; classtype:trojan-activity;sid:84558675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695576)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.114.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695576/; classtype:trojan-activity;sid:84558676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695577)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pi586"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"196.251.114.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695577/; classtype:trojan-activity;sid:84558677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695569)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.114.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695569/; classtype:trojan-activity;sid:84558669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695570)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.114.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695570/; classtype:trojan-activity;sid:84558670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695571)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.114.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695571/; classtype:trojan-activity;sid:84558671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695572)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.114.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695572/; classtype:trojan-activity;sid:84558672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695573)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4t"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"196.251.115.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695573/; classtype:trojan-activity;sid:84558673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695574)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnriscv32xnxn"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"196.251.87.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695574/; classtype:trojan-activity;sid:84558674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695566)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/px86_64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"196.251.114.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695566/; classtype:trojan-activity;sid:84558666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695567)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnsh4xnxn"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"196.251.87.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695567/; classtype:trojan-activity;sid:84558667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695568)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.114.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695568/; classtype:trojan-activity;sid:84558668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695559)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86_64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"179.61.132.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695559/; classtype:trojan-activity;sid:84558659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695560)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i468"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"179.61.132.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695560/; classtype:trojan-activity;sid:84558660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695561)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i686"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"179.61.132.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695561/; classtype:trojan-activity;sid:84558661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695562)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.114.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695562/; classtype:trojan-activity;sid:84558662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695563)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.114.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695563/; classtype:trojan-activity;sid:84558663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695564)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.114.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695564/; classtype:trojan-activity;sid:84558664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695565)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.114.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695565/; classtype:trojan-activity;sid:84558665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695558)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.93.202.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695558/; classtype:trojan-activity;sid:84558658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695557)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.15.117.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695557/; classtype:trojan-activity;sid:84558657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695556)"; flow:established,from_client; content:"GET"; http_method; content:"/apps.bin"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"546321.wristplante.digital"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695556/; classtype:trojan-activity;sid:84558656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695555)"; flow:established,from_client; content:"GET"; http_method; content:"/aplikasi/storybet138v3.apk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"wahanastory.xyz"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695555/; classtype:trojan-activity;sid:84558655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695554)"; flow:established,from_client; content:"GET"; http_method; content:"/beacon.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"64.226.121.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695554/; classtype:trojan-activity;sid:84558654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695552)"; flow:established,from_client; content:"GET"; http_method; content:"/ligolo-agent.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"64.226.121.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695552/; classtype:trojan-activity;sid:84558652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695553)"; flow:established,from_client; content:"GET"; http_method; content:"/no-more-spam.apk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"no-more-spam.app"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695553/; classtype:trojan-activity;sid:84558653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695550)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5851730241/fzcgcte.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695550/; classtype:trojan-activity;sid:84558650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695551)"; flow:established,from_client; content:"GET"; http_method; content:"/%e4%ba%91%e6%b1%87%e5%9b%bd%e9%99%85.apk"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"yhgj28.top"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695551/; classtype:trojan-activity;sid:84558651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695549)"; flow:established,from_client; content:"GET"; http_method; content:"/windows/download.php"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"invitezoom.jcamargoseguros.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695549/; classtype:trojan-activity;sid:84558649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695546)"; flow:established,from_client; content:"GET"; http_method; content:"/tiktok18.apk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"tiktoki-goolge.sbs"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695546/; classtype:trojan-activity;sid:84558646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695547)"; flow:established,from_client; content:"GET"; http_method; content:"/youtubeultra.apk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"ytultr.pro"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695547/; classtype:trojan-activity;sid:84558647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695548)"; flow:established,from_client; content:"GET"; http_method; content:"/kuailian.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"kuailianpc1.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695548/; classtype:trojan-activity;sid:84558648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695544)"; flow:established,from_client; content:"GET"; http_method; content:"/m/downloads/download.apk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"eyangjitu.live"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695544/; classtype:trojan-activity;sid:84558644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695545)"; flow:established,from_client; content:"GET"; http_method; content:"/tiktok18.apk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"tikitok-goolges.sbs"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695545/; classtype:trojan-activity;sid:84558645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695542)"; flow:established,from_client; content:"GET"; http_method; content:"/chisel.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"64.226.121.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695542/; classtype:trojan-activity;sid:84558642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695543)"; flow:established,from_client; content:"GET"; http_method; content:"/tiktok18.apk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"tikpremplaymarktuzb.sbs"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695543/; classtype:trojan-activity;sid:84558643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695541)"; flow:established,from_client; content:"GET"; http_method; content:"/cd/0/get/c0jqmppolpzk0yzcnljpegact-nph920lo277x9ketuhuxywu7ilzvnvs1ozmiovosgdzeir3xlxjbshcew7qkrsepnw8o7jxvypdnvollvwnwqlk_z2xydrkrckskdokfzrsqxk9koqfzwewoea5mu9/file|3f|dl=1"; http_uri; depth:175; isdataat:!1,relative; nocase; content:"uc32a2c6a2a0920e8b603a8d5c36.dl.dropboxusercontent.com"; http_host; depth:54; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695541/; classtype:trojan-activity;sid:84558641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695540)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.222.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695540/; classtype:trojan-activity;sid:84558640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695539)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.54.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695539/; classtype:trojan-activity;sid:84558639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695538)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.54.15.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695538/; classtype:trojan-activity;sid:84558638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695537)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.29.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695537/; classtype:trojan-activity;sid:84558637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695536)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.67.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695536/; classtype:trojan-activity;sid:84558636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695535)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.32.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695535/; classtype:trojan-activity;sid:84558635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695534)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.33.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695534/; classtype:trojan-activity;sid:84558634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695533)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.54.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695533/; classtype:trojan-activity;sid:84558633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695532)"; flow:established,from_client; content:"GET"; http_method; content:"/kla.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.251.114.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695532/; classtype:trojan-activity;sid:84558632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695531)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.114.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695531/; classtype:trojan-activity;sid:84558631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695530)"; flow:established,from_client; content:"GET"; http_method; content:"/bin"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"196.251.114.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695530/; classtype:trojan-activity;sid:84558630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695529)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"196.251.114.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695529/; classtype:trojan-activity;sid:84558629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695526)"; flow:established,from_client; content:"GET"; http_method; content:"/pay"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"196.251.114.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695526/; classtype:trojan-activity;sid:84558626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695527)"; flow:established,from_client; content:"GET"; http_method; content:"/yarn"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.114.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695527/; classtype:trojan-activity;sid:84558627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695528)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.114.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695528/; classtype:trojan-activity;sid:84558628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695525)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.87.221.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695525/; classtype:trojan-activity;sid:84558625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695524)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.15.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695524/; classtype:trojan-activity;sid:84558624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695523)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.152.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695523/; classtype:trojan-activity;sid:84558623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695521)"; flow:established,from_client; content:"GET"; http_method; content:"/0x83911d24fx.sh"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"193.111.248.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695521/; classtype:trojan-activity;sid:84558621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695522)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.111.248.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695522/; classtype:trojan-activity;sid:84558622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695520)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.176.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695520/; classtype:trojan-activity;sid:84558620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695519)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.1.152.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695519/; classtype:trojan-activity;sid:84558619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695518)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.137.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695518/; classtype:trojan-activity;sid:84558618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695517)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.67.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695517/; classtype:trojan-activity;sid:84558617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695516)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.arm"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"193.111.248.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695516/; classtype:trojan-activity;sid:84558616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695514)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.mpsl"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"193.111.248.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695514/; classtype:trojan-activity;sid:84558614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695515)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.arm7"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"193.111.248.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695515/; classtype:trojan-activity;sid:84558615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695504)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.ppc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"193.111.248.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695504/; classtype:trojan-activity;sid:84558604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695505)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.arm5"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"193.111.248.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695505/; classtype:trojan-activity;sid:84558605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695506)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.mips"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"193.111.248.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695506/; classtype:trojan-activity;sid:84558606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695507)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.arm6"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"193.111.248.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695507/; classtype:trojan-activity;sid:84558607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695508)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.arc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"193.111.248.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695508/; classtype:trojan-activity;sid:84558608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695509)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.x86_64"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"193.111.248.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695509/; classtype:trojan-activity;sid:84558609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695510)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.sh4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"193.111.248.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695510/; classtype:trojan-activity;sid:84558610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695511)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.m68k"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"193.111.248.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695511/; classtype:trojan-activity;sid:84558611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695512)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.spc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"193.111.248.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695512/; classtype:trojan-activity;sid:84558612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695513)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.x86"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"193.111.248.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695513/; classtype:trojan-activity;sid:84558613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695503)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.113.227.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695503/; classtype:trojan-activity;sid:84558603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695502)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.7.20.56"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695502/; classtype:trojan-activity;sid:84558602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695501)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.15.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695501/; classtype:trojan-activity;sid:84558601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695500)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.247.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695500/; classtype:trojan-activity;sid:84558600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695499)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.87.221.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695499/; classtype:trojan-activity;sid:84558599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695498)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.36.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695498/; classtype:trojan-activity;sid:84558598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695497)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.152.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695497/; classtype:trojan-activity;sid:84558597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695496)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.49.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695496/; classtype:trojan-activity;sid:84558596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695495)"; flow:established,from_client; content:"GET"; http_method; content:"/vye32gss2g38ekhmakrlddjgrnf2ybt4/fgx8snca4txepa.mips"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695495/; classtype:trojan-activity;sid:84558595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695493)"; flow:established,from_client; content:"GET"; http_method; content:"/vye32gss2g38ekhmakrlddjgrnf2ybt4/fgx8snca4txepa.i686"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695493/; classtype:trojan-activity;sid:84558593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695494)"; flow:established,from_client; content:"GET"; http_method; content:"/vye32gss2g38ekhmakrlddjgrnf2ybt4/fgx8snca4txepa.arm"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695494/; classtype:trojan-activity;sid:84558594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695481)"; flow:established,from_client; content:"GET"; http_method; content:"/vye32gss2g38ekhmakrlddjgrnf2ybt4/fgx8snca4txepa.x86_64"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695481/; classtype:trojan-activity;sid:84558581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695482)"; flow:established,from_client; content:"GET"; http_method; content:"/vye32gss2g38ekhmakrlddjgrnf2ybt4/fgx8snca4txepa.x86"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695482/; classtype:trojan-activity;sid:84558582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695483)"; flow:established,from_client; content:"GET"; http_method; content:"/vye32gss2g38ekhmakrlddjgrnf2ybt4/fgx8snca4txepa.i486"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695483/; classtype:trojan-activity;sid:84558583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695484)"; flow:established,from_client; content:"GET"; http_method; content:"/vye32gss2g38ekhmakrlddjgrnf2ybt4/fgx8snca4txepa.arm6"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695484/; classtype:trojan-activity;sid:84558584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695485)"; flow:established,from_client; content:"GET"; http_method; content:"/vye32gss2g38ekhmakrlddjgrnf2ybt4/fgx8snca4txepa.arm7"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695485/; classtype:trojan-activity;sid:84558585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695486)"; flow:established,from_client; content:"GET"; http_method; content:"/vye32gss2g38ekhmakrlddjgrnf2ybt4/fgx8snca4txepa.ppc"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695486/; classtype:trojan-activity;sid:84558586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695487)"; flow:established,from_client; content:"GET"; http_method; content:"/vye32gss2g38ekhmakrlddjgrnf2ybt4/fgx8snca4txepa.arc"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695487/; classtype:trojan-activity;sid:84558587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695488)"; flow:established,from_client; content:"GET"; http_method; content:"/vye32gss2g38ekhmakrlddjgrnf2ybt4/fgx8snca4txepa.arm5"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695488/; classtype:trojan-activity;sid:84558588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695489)"; flow:established,from_client; content:"GET"; http_method; content:"/vye32gss2g38ekhmakrlddjgrnf2ybt4/fgx8snca4txepa.mpsl"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695489/; classtype:trojan-activity;sid:84558589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695490)"; flow:established,from_client; content:"GET"; http_method; content:"/vye32gss2g38ekhmakrlddjgrnf2ybt4/fgx8snca4txepa.m68k"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695490/; classtype:trojan-activity;sid:84558590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695491)"; flow:established,from_client; content:"GET"; http_method; content:"/vye32gss2g38ekhmakrlddjgrnf2ybt4/fgx8snca4txepa.spc"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695491/; classtype:trojan-activity;sid:84558591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695492)"; flow:established,from_client; content:"GET"; http_method; content:"/vye32gss2g38ekhmakrlddjgrnf2ybt4/fgx8snca4txepa.sh4"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695492/; classtype:trojan-activity;sid:84558592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695480)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.85.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695480/; classtype:trojan-activity;sid:84558580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695479)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.248.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695479/; classtype:trojan-activity;sid:84558579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695478)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.15.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695478/; classtype:trojan-activity;sid:84558578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695477)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.149.107.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695477/; classtype:trojan-activity;sid:84558577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695476)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.49.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695476/; classtype:trojan-activity;sid:84558576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695475)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.225.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695475/; classtype:trojan-activity;sid:84558575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695474)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.248.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695474/; classtype:trojan-activity;sid:84558574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695473)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.85.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695473/; classtype:trojan-activity;sid:84558573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695472)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.118.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695472/; classtype:trojan-activity;sid:84558572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695471)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.147.156.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695471/; classtype:trojan-activity;sid:84558571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695470)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.41.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695470/; classtype:trojan-activity;sid:84558570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695469)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.69.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695469/; classtype:trojan-activity;sid:84558569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695468)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.151.73.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695468/; classtype:trojan-activity;sid:84558568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695467)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.118.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695467/; classtype:trojan-activity;sid:84558567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695466)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.233.147.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695466/; classtype:trojan-activity;sid:84558566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695465)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.53.155.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695465/; classtype:trojan-activity;sid:84558565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695464)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.14.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695464/; classtype:trojan-activity;sid:84558564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695463)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.41.213.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695463/; classtype:trojan-activity;sid:84558563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695462)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.41.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695462/; classtype:trojan-activity;sid:84558562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695461)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.147.156.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695461/; classtype:trojan-activity;sid:84558561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695460)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.13.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695460/; classtype:trojan-activity;sid:84558560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695459)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.233.147.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695459/; classtype:trojan-activity;sid:84558559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695457)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.83.80.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695457/; classtype:trojan-activity;sid:84558557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695458)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.228.211.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695458/; classtype:trojan-activity;sid:84558558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695456)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.168.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695456/; classtype:trojan-activity;sid:84558556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695455)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.186.204.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695455/; classtype:trojan-activity;sid:84558555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695454)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.128.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695454/; classtype:trojan-activity;sid:84558554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695453)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.84.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695453/; classtype:trojan-activity;sid:84558553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695452)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.233.1.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695452/; classtype:trojan-activity;sid:84558552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695451)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.151.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695451/; classtype:trojan-activity;sid:84558551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695450)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.157.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695450/; classtype:trojan-activity;sid:84558550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695449)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.76.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695449/; classtype:trojan-activity;sid:84558549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695448)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"124.198.132.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695448/; classtype:trojan-activity;sid:84558548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695446)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.211.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695446/; classtype:trojan-activity;sid:84558546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695447)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.83.80.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695447/; classtype:trojan-activity;sid:84558547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695444)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.111.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695444/; classtype:trojan-activity;sid:84558544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695445)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.168.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695445/; classtype:trojan-activity;sid:84558545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695443)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"108.170.136.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695443/; classtype:trojan-activity;sid:84558543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695442)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.120.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695442/; classtype:trojan-activity;sid:84558542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695441)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.233.1.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695441/; classtype:trojan-activity;sid:84558541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695440)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.82.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695440/; classtype:trojan-activity;sid:84558540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695439)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.84.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695439/; classtype:trojan-activity;sid:84558539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695438)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.7.196.152"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695438/; classtype:trojan-activity;sid:84558538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695437)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"108.170.136.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695437/; classtype:trojan-activity;sid:84558537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695436)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.154.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695436/; classtype:trojan-activity;sid:84558536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695435)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.238.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695435/; classtype:trojan-activity;sid:84558535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695433)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.82.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695433/; classtype:trojan-activity;sid:84558533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695434)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.151.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695434/; classtype:trojan-activity;sid:84558534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695432)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.242.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695432/; classtype:trojan-activity;sid:84558532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695431)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.125.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695431/; classtype:trojan-activity;sid:84558531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695430)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.154.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695430/; classtype:trojan-activity;sid:84558530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695429)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.53.218.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695429/; classtype:trojan-activity;sid:84558529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695428)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.255.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695428/; classtype:trojan-activity;sid:84558528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695427)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"106.40.80.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695427/; classtype:trojan-activity;sid:84558527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695426)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.245.37.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695426/; classtype:trojan-activity;sid:84558526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695422)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.151.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695422/; classtype:trojan-activity;sid:84558522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695423)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.14.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695423/; classtype:trojan-activity;sid:84558523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695424)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.151.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695424/; classtype:trojan-activity;sid:84558524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695425)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.245.37.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695425/; classtype:trojan-activity;sid:84558525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695421)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.77.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695421/; classtype:trojan-activity;sid:84558521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695420)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.120.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695420/; classtype:trojan-activity;sid:84558520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695419)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.127.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695419/; classtype:trojan-activity;sid:84558519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695418)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.238.116.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695418/; classtype:trojan-activity;sid:84558518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695417)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.120.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695417/; classtype:trojan-activity;sid:84558517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695416)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.125.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695416/; classtype:trojan-activity;sid:84558516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695415)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"179.61.132.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695415/; classtype:trojan-activity;sid:84558515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695411)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.61.132.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695411/; classtype:trojan-activity;sid:84558511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695412)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"179.61.132.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695412/; classtype:trojan-activity;sid:84558512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695413)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"179.61.132.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695413/; classtype:trojan-activity;sid:84558513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695414)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"179.61.132.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695414/; classtype:trojan-activity;sid:84558514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695410)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.117.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695410/; classtype:trojan-activity;sid:84558510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695409)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"101.99.233.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695409/; classtype:trojan-activity;sid:84558509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695408)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.206.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695408/; classtype:trojan-activity;sid:84558508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695407)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.218.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695407/; classtype:trojan-activity;sid:84558507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695406)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.92.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695406/; classtype:trojan-activity;sid:84558506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695405)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.117.161.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695405/; classtype:trojan-activity;sid:84558505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695404)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.150.68.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695404/; classtype:trojan-activity;sid:84558504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695403)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.117.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695403/; classtype:trojan-activity;sid:84558503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695402)"; flow:established,from_client; content:"GET"; http_method; content:"/files/2038862353/fghomcw.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695402/; classtype:trojan-activity;sid:84558502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695401)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.154.148.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695401/; classtype:trojan-activity;sid:84558501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695399)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.150.68.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695399/; classtype:trojan-activity;sid:84558499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695400)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.117.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695400/; classtype:trojan-activity;sid:84558500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695398)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.66.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695398/; classtype:trojan-activity;sid:84558498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695395)"; flow:established,from_client; content:"GET"; http_method; content:"/mwah"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"149.33.23.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695395/; classtype:trojan-activity;sid:84558495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695396)"; flow:established,from_client; content:"GET"; http_method; content:"/mwah"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"dd.nvms9000.su"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695396/; classtype:trojan-activity;sid:84558496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695397)"; flow:established,from_client; content:"GET"; http_method; content:"/pppoeb"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"149.33.23.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695397/; classtype:trojan-activity;sid:84558497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695394)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.148.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695394/; classtype:trojan-activity;sid:84558494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695393)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.176.21.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695393/; classtype:trojan-activity;sid:84558493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695392)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.66.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695392/; classtype:trojan-activity;sid:84558492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695391)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.68.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695391/; classtype:trojan-activity;sid:84558491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695390)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.17.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695390/; classtype:trojan-activity;sid:84558490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695387)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.127.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695387/; classtype:trojan-activity;sid:84558487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695388)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.141.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695388/; classtype:trojan-activity;sid:84558488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695389)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.177.61.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695389/; classtype:trojan-activity;sid:84558489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695386)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.181.192.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695386/; classtype:trojan-activity;sid:84558486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695385)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8134610967/qsgshxz.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695385/; classtype:trojan-activity;sid:84558485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695382)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnmicroblazexnxn"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"196.251.87.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695382/; classtype:trojan-activity;sid:84558482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695383)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnsh2xnxn"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"196.251.87.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695383/; classtype:trojan-activity;sid:84558483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695384)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxni386xnxn"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"196.251.87.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695384/; classtype:trojan-activity;sid:84558484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695376)"; flow:established,from_client; content:"GET"; http_method; content:"/run.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.251.87.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695376/; classtype:trojan-activity;sid:84558476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695377)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnx86_64xnxn"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"196.251.87.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695377/; classtype:trojan-activity;sid:84558477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695378)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnor1kxnxn"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"196.251.87.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695378/; classtype:trojan-activity;sid:84558478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695379)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnpowerpcxnxn"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"196.251.87.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695379/; classtype:trojan-activity;sid:84558479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695380)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnm68kxnxn"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"196.251.87.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695380/; classtype:trojan-activity;sid:84558480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695381)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnmipsxnxn"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"196.251.87.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695381/; classtype:trojan-activity;sid:84558481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695373)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnaarch64xnxn"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"196.251.87.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695373/; classtype:trojan-activity;sid:84558473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695374)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnriscv64xnxn"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"196.251.87.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695374/; classtype:trojan-activity;sid:84558474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695375)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnloongarch64xnxn"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"196.251.87.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695375/; classtype:trojan-activity;sid:84558475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695371)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.17.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695371/; classtype:trojan-activity;sid:84558471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695372)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.68.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695372/; classtype:trojan-activity;sid:84558472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695370)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.6.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695370/; classtype:trojan-activity;sid:84558470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695369)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.127.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695369/; classtype:trojan-activity;sid:84558469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695368)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.181.192.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695368/; classtype:trojan-activity;sid:84558468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695367)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.188.223.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695367/; classtype:trojan-activity;sid:84558467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695366)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.141.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695366/; classtype:trojan-activity;sid:84558466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695365)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.149.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695365/; classtype:trojan-activity;sid:84558465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695363)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"179.61.132.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695363/; classtype:trojan-activity;sid:84558463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695364)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"179.61.132.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695364/; classtype:trojan-activity;sid:84558464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695362)"; flow:established,from_client; content:"GET"; http_method; content:"/b1ka1sdn"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"s9.l-ly.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695362/; classtype:trojan-activity;sid:84558462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695361)"; flow:established,from_client; content:"GET"; http_method; content:"/3iqz752gsu.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"b.tyj-4b.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695361/; classtype:trojan-activity;sid:84558461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695360)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.192.152.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695360/; classtype:trojan-activity;sid:84558460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695359)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.248.83.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695359/; classtype:trojan-activity;sid:84558459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695358)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.123.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695358/; classtype:trojan-activity;sid:84558458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695357)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.140.173.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695357/; classtype:trojan-activity;sid:84558457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695356)"; flow:established,from_client; content:"GET"; http_method; content:"/mxz.check|3f|t=2wseqwby"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"mg.k7t0.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695356/; classtype:trojan-activity;sid:84558456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695355)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.239.251.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695355/; classtype:trojan-activity;sid:84558455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695354)"; flow:established,from_client; content:"GET"; http_method; content:"/h7srmid2lj.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"x19.k0xx-i4.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695354/; classtype:trojan-activity;sid:84558454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695353)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.152.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695353/; classtype:trojan-activity;sid:84558453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695351)"; flow:established,from_client; content:"GET"; http_method; content:"/0xiet4jhzd.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"n8r.k0xx-i4.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695351/; classtype:trojan-activity;sid:84558451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695352)"; flow:established,from_client; content:"GET"; http_method; content:"/1a.check|3f|t=qk8a0ccv"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ewo.0fv1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695352/; classtype:trojan-activity;sid:84558452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695349)"; flow:established,from_client; content:"GET"; http_method; content:"/7nz5pxwf"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ewo.0fv1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695349/; classtype:trojan-activity;sid:84558449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695350)"; flow:established,from_client; content:"GET"; http_method; content:"/aamgwt9m76.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"mz7.tyj-4b.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695350/; classtype:trojan-activity;sid:84558450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695347)"; flow:established,from_client; content:"GET"; http_method; content:"/7o3ev7rxvq.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"n8r.k0xx-i4.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695347/; classtype:trojan-activity;sid:84558447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695348)"; flow:established,from_client; content:"GET"; http_method; content:"/w9.check|3f|t=kg6ecle4"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"h6.3u-6.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695348/; classtype:trojan-activity;sid:84558448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695346)"; flow:established,from_client; content:"GET"; http_method; content:"/1ugj2ur17g.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"mz7.tyj-4b.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695346/; classtype:trojan-activity;sid:84558446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695345)"; flow:established,from_client; content:"GET"; http_method; content:"/mn39v9gi"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"h6.3u-6.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695345/; classtype:trojan-activity;sid:84558445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695344)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.81.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695344/; classtype:trojan-activity;sid:84558444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695343)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.248.83.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695343/; classtype:trojan-activity;sid:84558443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695342)"; flow:established,from_client; content:"GET"; http_method; content:"/732quea2u2.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"q1.tyj-4b.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695342/; classtype:trojan-activity;sid:84558442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695341)"; flow:established,from_client; content:"GET"; http_method; content:"/u3w7pq1k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"3rd.67tf.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695341/; classtype:trojan-activity;sid:84558441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695340)"; flow:established,from_client; content:"GET"; http_method; content:"/fst7hbr6ju.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"q5.k0xx-i4.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695340/; classtype:trojan-activity;sid:84558440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695339)"; flow:established,from_client; content:"GET"; http_method; content:"/vx.check|3f|t=ohfk9ahg"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"3rd.67tf.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695339/; classtype:trojan-activity;sid:84558439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695338)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.171.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695338/; classtype:trojan-activity;sid:84558438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695337)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.183.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695337/; classtype:trojan-activity;sid:84558437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695336)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.231.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695336/; classtype:trojan-activity;sid:84558436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695335)"; flow:established,from_client; content:"GET"; http_method; content:"/pxrf4sjvnx.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"q5.k0xx-i4.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695335/; classtype:trojan-activity;sid:84558435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695334)"; flow:established,from_client; content:"GET"; http_method; content:"/wr1.check|3f|t=voh1s6mh"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"9hb.p8ri.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695334/; classtype:trojan-activity;sid:84558434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695333)"; flow:established,from_client; content:"GET"; http_method; content:"/st8jbd0u0j.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"q1.tyj-4b.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695333/; classtype:trojan-activity;sid:84558433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695332)"; flow:established,from_client; content:"GET"; http_method; content:"/m59rsphw"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"9hb.p8ri.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695332/; classtype:trojan-activity;sid:84558432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695331)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.81.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695331/; classtype:trojan-activity;sid:84558431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695330)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.118.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695330/; classtype:trojan-activity;sid:84558430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695329)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.171.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695329/; classtype:trojan-activity;sid:84558429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695328)"; flow:established,from_client; content:"GET"; http_method; content:"/q1oayrfgu8.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"rk8.pdv4m6.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695328/; classtype:trojan-activity;sid:84558428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695327)"; flow:established,from_client; content:"GET"; http_method; content:"/o5vaqhl2"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"1d.71o9.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695327/; classtype:trojan-activity;sid:84558427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695326)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.231.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695326/; classtype:trojan-activity;sid:84558426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695325)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.90.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695325/; classtype:trojan-activity;sid:84558425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695324)"; flow:established,from_client; content:"GET"; http_method; content:"/5m.google|3f|t=szt1tvag"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"1d.71o9.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695324/; classtype:trojan-activity;sid:84558424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695323)"; flow:established,from_client; content:"GET"; http_method; content:"/f3z61fwhhp.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v0x.do-04d2.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695323/; classtype:trojan-activity;sid:84558423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695322)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.186.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695322/; classtype:trojan-activity;sid:84558422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695321)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.184.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695321/; classtype:trojan-activity;sid:84558421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695320)"; flow:established,from_client; content:"GET"; http_method; content:"/bik0b14y8l.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"h2v.pdv4m6.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695320/; classtype:trojan-activity;sid:84558420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695319)"; flow:established,from_client; content:"GET"; http_method; content:"/iuewbdwr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"8r.ha0m.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695319/; classtype:trojan-activity;sid:84558419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695318)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.123.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695318/; classtype:trojan-activity;sid:84558418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695316)"; flow:established,from_client; content:"GET"; http_method; content:"/kj47n7921f.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"a3h.do-04d2.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695316/; classtype:trojan-activity;sid:84558416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695317)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.118.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695317/; classtype:trojan-activity;sid:84558417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695315)"; flow:established,from_client; content:"GET"; http_method; content:"/o0.google|3f|t=v8dldyn6"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"8r.ha0m.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695315/; classtype:trojan-activity;sid:84558415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695314)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.131.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695314/; classtype:trojan-activity;sid:84558414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695313)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.90.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695313/; classtype:trojan-activity;sid:84558413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695312)"; flow:established,from_client; content:"GET"; http_method; content:"/xxo1l7xux4.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t92.do-04d2.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695312/; classtype:trojan-activity;sid:84558412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695311)"; flow:established,from_client; content:"GET"; http_method; content:"/d4p.check|3f|t=ofr1rpxx"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"gf.g7ve.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695311/; classtype:trojan-activity;sid:84558411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695310)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.137.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695310/; classtype:trojan-activity;sid:84558410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695309)"; flow:established,from_client; content:"GET"; http_method; content:"/wvw3kfdqeu.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t92.do-04d2.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695309/; classtype:trojan-activity;sid:84558409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695308)"; flow:established,from_client; content:"GET"; http_method; content:"/sk.check|3f|t=6qlt85ew"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"1fu.si9a.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695308/; classtype:trojan-activity;sid:84558408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695307)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.222.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695307/; classtype:trojan-activity;sid:84558407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695306)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.131.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695306/; classtype:trojan-activity;sid:84558406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695305)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.14.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695305/; classtype:trojan-activity;sid:84558405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695304)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.229.166.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695304/; classtype:trojan-activity;sid:84558404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695303)"; flow:established,from_client; content:"GET"; http_method; content:"/5pnm5he6d7.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"y0q9.pdv4m6.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695303/; classtype:trojan-activity;sid:84558403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695302)"; flow:established,from_client; content:"GET"; http_method; content:"/5y3qabjs"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"izw.mjg1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695302/; classtype:trojan-activity;sid:84558402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695300)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.180.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695300/; classtype:trojan-activity;sid:84558400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695301)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.184.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695301/; classtype:trojan-activity;sid:84558401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695299)"; flow:established,from_client; content:"GET"; http_method; content:"/lbcqpx4y6k.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"z1n.do-04d2.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695299/; classtype:trojan-activity;sid:84558399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695298)"; flow:established,from_client; content:"GET"; http_method; content:"/48.check|3f|t=yo9kyr5x"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"gt.yu5k.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695298/; classtype:trojan-activity;sid:84558398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695297)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.14.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695297/; classtype:trojan-activity;sid:84558397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695296)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.41.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695296/; classtype:trojan-activity;sid:84558396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695294)"; flow:established,from_client; content:"GET"; http_method; content:"/v2ok7fy7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"x7f.no4s.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695294/; classtype:trojan-activity;sid:84558394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695295)"; flow:established,from_client; content:"GET"; http_method; content:"/55p1ybzrt7.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"g7m.pdv4m6.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695295/; classtype:trojan-activity;sid:84558395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695293)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.153.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695293/; classtype:trojan-activity;sid:84558393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695292)"; flow:established,from_client; content:"GET"; http_method; content:"/mkc.google|3f|t=tpe3s35z"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"x7f.no4s.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695292/; classtype:trojan-activity;sid:84558392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695291)"; flow:established,from_client; content:"GET"; http_method; content:"/sq2hvun39i.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"z1n.do-04d2.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695291/; classtype:trojan-activity;sid:84558391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695290)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.99.233.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695290/; classtype:trojan-activity;sid:84558390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695289)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.151.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695289/; classtype:trojan-activity;sid:84558389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695287)"; flow:established,from_client; content:"GET"; http_method; content:"/27.google|3f|t=8744lxr6"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ikx.1r55.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695287/; classtype:trojan-activity;sid:84558387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695288)"; flow:established,from_client; content:"GET"; http_method; content:"/1hv7esm86a.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m4q.do-04d2.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695288/; classtype:trojan-activity;sid:84558388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695286)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.137.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695286/; classtype:trojan-activity;sid:84558386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695285)"; flow:established,from_client; content:"GET"; http_method; content:"/9h0nzxkppc.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"n4.pdv4m6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695285/; classtype:trojan-activity;sid:84558385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695284)"; flow:established,from_client; content:"GET"; http_method; content:"/m4wiqy58"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"j8e.8786.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695284/; classtype:trojan-activity;sid:84558384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695283)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.205.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695283/; classtype:trojan-activity;sid:84558383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695281)"; flow:established,from_client; content:"GET"; http_method; content:"/cqx.google|3f|t=kbzqgixr"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"j8e.8786.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695281/; classtype:trojan-activity;sid:84558381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695282)"; flow:established,from_client; content:"GET"; http_method; content:"/c13c8mqxb6.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m4q.do-04d2.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695282/; classtype:trojan-activity;sid:84558382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695280)"; flow:established,from_client; content:"GET"; http_method; content:"/xss/buf.js"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"dotauan.pro"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695280/; classtype:trojan-activity;sid:84558380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695278)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.101.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695278/; classtype:trojan-activity;sid:84558378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695279)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.76.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695279/; classtype:trojan-activity;sid:84558379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695275)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"82.112.240.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695275/; classtype:trojan-activity;sid:84558375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695276)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"82.112.240.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695276/; classtype:trojan-activity;sid:84558376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695277)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.181.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695277/; classtype:trojan-activity;sid:84558377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695274)"; flow:established,from_client; content:"GET"; http_method; content:"/xss/bof.js"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"dotauan.pro"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695274/; classtype:trojan-activity;sid:84558374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695273)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.70.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695273/; classtype:trojan-activity;sid:84558373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695271)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.182.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695271/; classtype:trojan-activity;sid:84558371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695272)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.7.196.152"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695272/; classtype:trojan-activity;sid:84558372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695268)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.235.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695268/; classtype:trojan-activity;sid:84558368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695269)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.116.57.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695269/; classtype:trojan-activity;sid:84558369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695270)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"test.teteos.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695270/; classtype:trojan-activity;sid:84558370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695266)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.50.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695266/; classtype:trojan-activity;sid:84558366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695267)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.59.247.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695267/; classtype:trojan-activity;sid:84558367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695265)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"82.112.240.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695265/; classtype:trojan-activity;sid:84558365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695263)"; flow:established,from_client; content:"GET"; http_method; content:"/js.php"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"graffetti.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695263/; classtype:trojan-activity;sid:84558363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695264)"; flow:established,from_client; content:"GET"; http_method; content:"/6s9s.js"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"graffetti.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695264/; classtype:trojan-activity;sid:84558364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695262)"; flow:established,from_client; content:"GET"; http_method; content:"/dclb6i7xy9.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k7.do-04d2.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695262/; classtype:trojan-activity;sid:84558362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695260)"; flow:established,from_client; content:"GET"; http_method; content:"/ng.check|3f|t=nb3w8zi8"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"sc.5x7u.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695260/; classtype:trojan-activity;sid:84558360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695261)"; flow:established,from_client; content:"GET"; http_method; content:"/gk7rwbd9"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"sc.5x7u.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695261/; classtype:trojan-activity;sid:84558361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695259)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.0.83"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695259/; classtype:trojan-activity;sid:84558359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695258)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.101.92.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695258/; classtype:trojan-activity;sid:84558358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695257)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.180.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695257/; classtype:trojan-activity;sid:84558357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695256)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.41.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695256/; classtype:trojan-activity;sid:84558356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695255)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.6.223"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695255/; classtype:trojan-activity;sid:84558355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695254)"; flow:established,from_client; content:"GET"; http_method; content:"/91o.google|3f|t=pe2q6t5f"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"8mr.71o9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695254/; classtype:trojan-activity;sid:84558354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695253)"; flow:established,from_client; content:"GET"; http_method; content:"/30r9scpxv0.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k7.do-04d2.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695253/; classtype:trojan-activity;sid:84558353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695252)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.186.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695252/; classtype:trojan-activity;sid:84558352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695251)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.4.60"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695251/; classtype:trojan-activity;sid:84558351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695250)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.76.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695250/; classtype:trojan-activity;sid:84558350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695249)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.225.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695249/; classtype:trojan-activity;sid:84558349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695248)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"179.61.132.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695248/; classtype:trojan-activity;sid:84558348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695247)"; flow:established,from_client; content:"GET"; http_method; content:"/8wh8wcyr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"8mr.71o9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695247/; classtype:trojan-activity;sid:84558347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695246)"; flow:established,from_client; content:"GET"; http_method; content:"/hey5s8lkpq.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"v7p2.9m94k8.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695246/; classtype:trojan-activity;sid:84558346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695245)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"179.61.132.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695245/; classtype:trojan-activity;sid:84558345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695243)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"179.61.132.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695243/; classtype:trojan-activity;sid:84558343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695244)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"179.61.132.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695244/; classtype:trojan-activity;sid:84558344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695242)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695242/; classtype:trojan-activity;sid:84558342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695238)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.i486"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695238/; classtype:trojan-activity;sid:84558338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695239)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695239/; classtype:trojan-activity;sid:84558339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695240)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.ppc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695240/; classtype:trojan-activity;sid:84558340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695241)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm5"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695241/; classtype:trojan-activity;sid:84558341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695234)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.x86_64"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695234/; classtype:trojan-activity;sid:84558334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695235)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.i686"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695235/; classtype:trojan-activity;sid:84558335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695236)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.mipsl"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695236/; classtype:trojan-activity;sid:84558336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695237)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm6"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695237/; classtype:trojan-activity;sid:84558337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695226)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.ppc440"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695226/; classtype:trojan-activity;sid:84558326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695227)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm7"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695227/; classtype:trojan-activity;sid:84558327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695228)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.m68k"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695228/; classtype:trojan-activity;sid:84558328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695229)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.mips"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695229/; classtype:trojan-activity;sid:84558329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695230)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.x86_32"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695230/; classtype:trojan-activity;sid:84558330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695231)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695231/; classtype:trojan-activity;sid:84558331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695232)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"196.251.87.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695232/; classtype:trojan-activity;sid:84558332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695233)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"179.61.132.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695233/; classtype:trojan-activity;sid:84558333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695224)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.196.11.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695224/; classtype:trojan-activity;sid:84558324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695225)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"179.61.132.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695225/; classtype:trojan-activity;sid:84558325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695223)"; flow:established,from_client; content:"GET"; http_method; content:"/plpwx9oa98.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"v7p2.9m94k8.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695223/; classtype:trojan-activity;sid:84558323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695222)"; flow:established,from_client; content:"GET"; http_method; content:"/zag6lpdo"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"7hb.yldv.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695222/; classtype:trojan-activity;sid:84558322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695221)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.78.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695221/; classtype:trojan-activity;sid:84558321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695220)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.89.192"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695220/; classtype:trojan-activity;sid:84558320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695219)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.4.60"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695219/; classtype:trojan-activity;sid:84558319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695218)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6065878864/doqobay.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695218/; classtype:trojan-activity;sid:84558318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695217)"; flow:established,from_client; content:"GET"; http_method; content:"/zwq6pmvxrg.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"a.9m94k8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695217/; classtype:trojan-activity;sid:84558317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695216)"; flow:established,from_client; content:"GET"; http_method; content:"/gpm5dao9"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"yn.ha0m.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695216/; classtype:trojan-activity;sid:84558316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695215)"; flow:established,from_client; content:"GET"; http_method; content:"/qmb.google|3f|t=u8fu13gg"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"w5t.g7ve.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695215/; classtype:trojan-activity;sid:84558315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695214)"; flow:established,from_client; content:"GET"; http_method; content:"/ye0uvkfr9i.4sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"0m3.8j4-5-6.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695214/; classtype:trojan-activity;sid:84558314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695213)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.104.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695213/; classtype:trojan-activity;sid:84558313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695212)"; flow:established,from_client; content:"GET"; http_method; content:"/0ws.google|3f|t=zhmgsl0e"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"5c5.si9a.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695212/; classtype:trojan-activity;sid:84558312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695211)"; flow:established,from_client; content:"GET"; http_method; content:"/uiy2wrypey.4sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"0m3.8j4-5-6.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695211/; classtype:trojan-activity;sid:84558311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695210)"; flow:established,from_client; content:"GET"; http_method; content:"/9eq79mtea0.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"a.9m94k8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695210/; classtype:trojan-activity;sid:84558310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695209)"; flow:established,from_client; content:"GET"; http_method; content:"/i8vc6myl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5j.to1j.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695209/; classtype:trojan-activity;sid:84558309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695208)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.198.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695208/; classtype:trojan-activity;sid:84558308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695207)"; flow:established,from_client; content:"GET"; http_method; content:"/kz51j965cr.4sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"gn8.8j4-5-6.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695207/; classtype:trojan-activity;sid:84558307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695206)"; flow:established,from_client; content:"GET"; http_method; content:"/qou.google|3f|t=0wot8b05"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"5j.to1j.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695206/; classtype:trojan-activity;sid:84558306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695205)"; flow:established,from_client; content:"GET"; http_method; content:"/usb_network_gate.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"recruitslate.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695205/; classtype:trojan-activity;sid:84558305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695204)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.47.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695204/; classtype:trojan-activity;sid:84558304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695203)"; flow:established,from_client; content:"GET"; http_method; content:"/audioservice.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"167.99.129.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695203/; classtype:trojan-activity;sid:84558303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695202)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.104.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695202/; classtype:trojan-activity;sid:84558302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695201)"; flow:established,from_client; content:"GET"; http_method; content:"/55fakbliz8.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"m0x.9m94k8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695201/; classtype:trojan-activity;sid:84558301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695200)"; flow:established,from_client; content:"GET"; http_method; content:"/623trinj"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"sp5.mjg1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695200/; classtype:trojan-activity;sid:84558300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695199)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.42.27.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695199/; classtype:trojan-activity;sid:84558299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695198)"; flow:established,from_client; content:"GET"; http_method; content:"/dg5xcxdqdt.4sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"y7.8j4-5-6.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695198/; classtype:trojan-activity;sid:84558298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695197)"; flow:established,from_client; content:"GET"; http_method; content:"/jq.check|3f|t=gjah43j8"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"sp5.mjg1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695197/; classtype:trojan-activity;sid:84558297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695196)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.48.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695196/; classtype:trojan-activity;sid:84558296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695195)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.19.33.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695195/; classtype:trojan-activity;sid:84558295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695192)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.19.33.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695192/; classtype:trojan-activity;sid:84558292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695193)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.19.33.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695193/; classtype:trojan-activity;sid:84558293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695194)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.19.33.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695194/; classtype:trojan-activity;sid:84558294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695190)"; flow:established,from_client; content:"GET"; http_method; content:"/gxq6spmqbx.4sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"2wq.8j4-5-6.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695190/; classtype:trojan-activity;sid:84558290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695191)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.47.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695191/; classtype:trojan-activity;sid:84558291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695187)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.19.33.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695187/; classtype:trojan-activity;sid:84558287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695188)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.19.33.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695188/; classtype:trojan-activity;sid:84558288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695189)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.19.33.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695189/; classtype:trojan-activity;sid:84558289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695186)"; flow:established,from_client; content:"GET"; http_method; content:"/luw.check|3f|t=qrid8svo"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"8fz.yu5k.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695186/; classtype:trojan-activity;sid:84558286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695183)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.19.33.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695183/; classtype:trojan-activity;sid:84558283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695184)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.19.33.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695184/; classtype:trojan-activity;sid:84558284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695185)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.19.33.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695185/; classtype:trojan-activity;sid:84558285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695182)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.184.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695182/; classtype:trojan-activity;sid:84558282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695181)"; flow:established,from_client; content:"GET"; http_method; content:"/pu3.google|3f|t=xktw1poy"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"le.no4s.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695181/; classtype:trojan-activity;sid:84558281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695180)"; flow:established,from_client; content:"GET"; http_method; content:"/jfr1j1jm68.4sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"rz1.8j4-5-6.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695180/; classtype:trojan-activity;sid:84558280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695179)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"211.93.81.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695179/; classtype:trojan-activity;sid:84558279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695178)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.111.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695178/; classtype:trojan-activity;sid:84558278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695177)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.37.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695177/; classtype:trojan-activity;sid:84558277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695175)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.252.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695175/; classtype:trojan-activity;sid:84558275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695176)"; flow:established,from_client; content:"GET"; http_method; content:"/8acd650o64.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"z8q.9m94k8.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695176/; classtype:trojan-activity;sid:84558276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695174)"; flow:established,from_client; content:"GET"; http_method; content:"/gjrwqo7j"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5h.1r55.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695174/; classtype:trojan-activity;sid:84558274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695173)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1776871603/0rxld4e.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695173/; classtype:trojan-activity;sid:84558273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695172)"; flow:established,from_client; content:"GET"; http_method; content:"/8mx6si6l6l.4sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"k4.8j4-5-6.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695172/; classtype:trojan-activity;sid:84558272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695171)"; flow:established,from_client; content:"GET"; http_method; content:"/0kf.google|3f|t=6kttshcw"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"sdg.8786.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695171/; classtype:trojan-activity;sid:84558271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695170)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.237.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695170/; classtype:trojan-activity;sid:84558270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695169)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.30.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695169/; classtype:trojan-activity;sid:84558269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695168)"; flow:established,from_client; content:"GET"; http_method; content:"/g9z2c1akfw.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"k3.9m94k8.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695168/; classtype:trojan-activity;sid:84558268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695167)"; flow:established,from_client; content:"GET"; http_method; content:"/i2iaw01r"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"df.5x7u.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695167/; classtype:trojan-activity;sid:84558267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695166)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.163.13.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695166/; classtype:trojan-activity;sid:84558266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695165)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.52.206.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695165/; classtype:trojan-activity;sid:84558265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695163)"; flow:established,from_client; content:"GET"; http_method; content:"/ymu.google|3f|t=te0nioh9"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"df.5x7u.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695163/; classtype:trojan-activity;sid:84558263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695164)"; flow:established,from_client; content:"GET"; http_method; content:"/0wuskow5ft.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"4d3.f-o-9bt.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695164/; classtype:trojan-activity;sid:84558264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695162)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.39.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695162/; classtype:trojan-activity;sid:84558262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695161)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.1.226.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695161/; classtype:trojan-activity;sid:84558261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695159)"; flow:established,from_client; content:"GET"; http_method; content:"/i3.check|3f|t=qcuphx4m"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ip1.p8ri.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695159/; classtype:trojan-activity;sid:84558259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695160)"; flow:established,from_client; content:"GET"; http_method; content:"/k4k4g0j0qq.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"4d3.f-o-9bt.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695160/; classtype:trojan-activity;sid:84558260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695158)"; flow:established,from_client; content:"GET"; http_method; content:"/lnipyg2a"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ip1.p8ri.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695158/; classtype:trojan-activity;sid:84558258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695157)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.183.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695157/; classtype:trojan-activity;sid:84558257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695156)"; flow:established,from_client; content:"GET"; http_method; content:"/0u.check|3f|t=qha4u2v4"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"go.71o9.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695156/; classtype:trojan-activity;sid:84558256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695155)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.37.63.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695155/; classtype:trojan-activity;sid:84558255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695154)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.163.13.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695154/; classtype:trojan-activity;sid:84558254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695153)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.191.40.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695153/; classtype:trojan-activity;sid:84558253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695152)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.183.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695152/; classtype:trojan-activity;sid:84558252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695151)"; flow:established,from_client; content:"GET"; http_method; content:"/6da.check|3f|t=djehx4oh"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"36.yldv.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695151/; classtype:trojan-activity;sid:84558251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695150)"; flow:established,from_client; content:"GET"; http_method; content:"/8qkfekwkld.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"hxn.f-o-9bt.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695150/; classtype:trojan-activity;sid:84558250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695149)"; flow:established,from_client; content:"GET"; http_method; content:"/ju59gk8yf9.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"n4kw.5g-t.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695149/; classtype:trojan-activity;sid:84558249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695148)"; flow:established,from_client; content:"GET"; http_method; content:"/iktjiakf"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"36.yldv.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695148/; classtype:trojan-activity;sid:84558248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695147)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.245.151.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695147/; classtype:trojan-activity;sid:84558247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695146)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.37.63.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695146/; classtype:trojan-activity;sid:84558246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695145)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.185.243.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695145/; classtype:trojan-activity;sid:84558245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695144)"; flow:established,from_client; content:"GET"; http_method; content:"/hn51jwbk6k.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"x9td2.5g-t.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695144/; classtype:trojan-activity;sid:84558244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695143)"; flow:established,from_client; content:"GET"; http_method; content:"/g6nldy11"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ta5.ha0m.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695143/; classtype:trojan-activity;sid:84558243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695142)"; flow:established,from_client; content:"GET"; http_method; content:"/8gge9aqvpo.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"p01.f-o-9bt.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695142/; classtype:trojan-activity;sid:84558242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695141)"; flow:established,from_client; content:"GET"; http_method; content:"/apps.bin"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"de4z.wristplante.digital"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695141/; classtype:trojan-activity;sid:84558241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695140)"; flow:established,from_client; content:"GET"; http_method; content:"/m68"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"196.251.115.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695140/; classtype:trojan-activity;sid:84558240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695139)"; flow:established,from_client; content:"GET"; http_method; content:"/82a.google|3f|t=a9g3zswm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"4j5.g7ve.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695139/; classtype:trojan-activity;sid:84558239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695138)"; flow:established,from_client; content:"GET"; http_method; content:"/7h6qdjmwgy.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"x9td2.5g-t.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695138/; classtype:trojan-activity;sid:84558238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695137)"; flow:established,from_client; content:"GET"; http_method; content:"/4x1dgwwl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"4j5.g7ve.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695137/; classtype:trojan-activity;sid:84558237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695136)"; flow:established,from_client; content:"GET"; http_method; content:"/img/kkm/ofsdf0f923ofowcvi029230909dfogoiosodf023f932o320is0f0x0cv9c0v90w9.hta"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"192.3.177.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695136/; classtype:trojan-activity;sid:84558236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695135)"; flow:established,from_client; content:"GET"; http_method; content:"/989/fds0cx09vsfjjf923009d0g9fg9c9cv8bcv9b0cvb90vdf909c898cvb8cv9b89cv9b89cb99vb89cv9.hta"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"46.183.220.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695135/; classtype:trojan-activity;sid:84558235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695134)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.1.224.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695134/; classtype:trojan-activity;sid:84558234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695133)"; flow:established,from_client; content:"GET"; http_method; content:"/zn.check|3f|t=of59bmgz"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"3i7.si9a.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695133/; classtype:trojan-activity;sid:84558233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695132)"; flow:established,from_client; content:"GET"; http_method; content:"/446/fsfjjs903dsf8328sd3930f03303fsdsft233030g484030f309fdfg320400rtetdfg0xc3049gdf329dg20.hta"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"192.3.136.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695132/; classtype:trojan-activity;sid:84558232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695131)"; flow:established,from_client; content:"GET"; http_method; content:"/jzld2asv8r.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"7qk.f-o-9bt.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695131/; classtype:trojan-activity;sid:84558231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695130)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.228.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695130/; classtype:trojan-activity;sid:84558230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695129)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.183.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695129/; classtype:trojan-activity;sid:84558229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695128)"; flow:established,from_client; content:"GET"; http_method; content:"/h7ttqk6ei1.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"7qk.f-o-9bt.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695128/; classtype:trojan-activity;sid:84558228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695127)"; flow:established,from_client; content:"GET"; http_method; content:"/4xu.check|3f|t=0k80vfzd"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"rt.to1j.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695127/; classtype:trojan-activity;sid:84558227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695126)"; flow:established,from_client; content:"GET"; http_method; content:"/gz10zjtq"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"rt.to1j.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695126/; classtype:trojan-activity;sid:84558226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695124)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.185.243.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695124/; classtype:trojan-activity;sid:84558224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695125)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7782139129/o4sh5wv.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695125/; classtype:trojan-activity;sid:84558225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695123)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.161.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695123/; classtype:trojan-activity;sid:84558223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695122)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.228.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695122/; classtype:trojan-activity;sid:84558222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695121)"; flow:established,from_client; content:"GET"; http_method; content:"/0v.google|3f|t=0sukz25j"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"id.mjg1.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695121/; classtype:trojan-activity;sid:84558221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695120)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.154.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695120/; classtype:trojan-activity;sid:84558220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695119)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.72.242.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695119/; classtype:trojan-activity;sid:84558219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695115)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"192.227.152.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695115/; classtype:trojan-activity;sid:84558215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695116)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"60.204.169.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695116/; classtype:trojan-activity;sid:84558216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695117)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"119.91.32.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695117/; classtype:trojan-activity;sid:84558217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695118)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"59.110.7.32"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695118/; classtype:trojan-activity;sid:84558218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695114)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.64.227.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695114/; classtype:trojan-activity;sid:84558214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695111)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"170.84.221.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695111/; classtype:trojan-activity;sid:84558211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695112)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.235.242.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695112/; classtype:trojan-activity;sid:84558212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695113)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.64.18.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695113/; classtype:trojan-activity;sid:84558213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695106)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.16.157.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695106/; classtype:trojan-activity;sid:84558206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695107)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.187.249.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695107/; classtype:trojan-activity;sid:84558207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695108)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.160.65.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695108/; classtype:trojan-activity;sid:84558208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695109)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.47.65.45"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695109/; classtype:trojan-activity;sid:84558209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695110)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.110.68.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695110/; classtype:trojan-activity;sid:84558210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695103)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.39.8.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695103/; classtype:trojan-activity;sid:84558203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695104)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.238.102.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695104/; classtype:trojan-activity;sid:84558204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695105)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"149.87.74.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695105/; classtype:trojan-activity;sid:84558205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695101)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.129.17.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695101/; classtype:trojan-activity;sid:84558201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695102)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.221.36.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695102/; classtype:trojan-activity;sid:84558202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695097)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"106.41.138.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695097/; classtype:trojan-activity;sid:84558197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695098)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.97.146.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695098/; classtype:trojan-activity;sid:84558198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695099)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.78.13.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695099/; classtype:trojan-activity;sid:84558199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695100)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.140.109.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695100/; classtype:trojan-activity;sid:84558200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695096)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.117.127.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695096/; classtype:trojan-activity;sid:84558196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695095)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"120.157.159.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695095/; classtype:trojan-activity;sid:84558195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695093)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.237.1.195"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695093/; classtype:trojan-activity;sid:84558193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695094)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.176.174.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695094/; classtype:trojan-activity;sid:84558194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695090)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"189.165.2.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695090/; classtype:trojan-activity;sid:84558190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695091)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.237.1.195"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695091/; classtype:trojan-activity;sid:84558191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695092)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.209.114.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695092/; classtype:trojan-activity;sid:84558192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695083)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"62.151.0.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695083/; classtype:trojan-activity;sid:84558183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695084)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"62.151.0.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695084/; classtype:trojan-activity;sid:84558184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695085)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.246.163.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695085/; classtype:trojan-activity;sid:84558185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695086)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"58.186.163.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695086/; classtype:trojan-activity;sid:84558186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695087)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.90.226"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695087/; classtype:trojan-activity;sid:84558187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695088)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.197.141.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695088/; classtype:trojan-activity;sid:84558188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695089)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"116.103.161.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695089/; classtype:trojan-activity;sid:84558189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695079)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"108.176.149.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695079/; classtype:trojan-activity;sid:84558179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695080)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.86.246.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695080/; classtype:trojan-activity;sid:84558180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695081)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.80.175.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695081/; classtype:trojan-activity;sid:84558181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695082)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"37.84.28.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695082/; classtype:trojan-activity;sid:84558182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695078)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.136.151.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695078/; classtype:trojan-activity;sid:84558178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695077)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.137.195.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695077/; classtype:trojan-activity;sid:84558177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695076)"; flow:established,from_client; content:"GET"; http_method; content:"/files/968071618/cic7mzi.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695076/; classtype:trojan-activity;sid:84558176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695074)"; flow:established,from_client; content:"GET"; http_method; content:"/x7t.google|3f|t=z7szwenw"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"i6y.no4s.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695074/; classtype:trojan-activity;sid:84558174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695075)"; flow:established,from_client; content:"GET"; http_method; content:"/nbmivyx106.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"cv8.f-o-9bt.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695075/; classtype:trojan-activity;sid:84558175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695073)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.114.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695073/; classtype:trojan-activity;sid:84558173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695072)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.53.220.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695072/; classtype:trojan-activity;sid:84558172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695071)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.161.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695071/; classtype:trojan-activity;sid:84558171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695070)"; flow:established,from_client; content:"GET"; http_method; content:"/fes.check|3f|t=3vamjiic"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"2rf.1r55.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695070/; classtype:trojan-activity;sid:84558170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695069)"; flow:established,from_client; content:"GET"; http_method; content:"/1h4ek3vtt0.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"m2.f-o-9bt.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695069/; classtype:trojan-activity;sid:84558169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695068)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.169.47.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695068/; classtype:trojan-activity;sid:84558168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695067)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.136.151.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695067/; classtype:trojan-activity;sid:84558167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695066)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.195.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695066/; classtype:trojan-activity;sid:84558166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695065)"; flow:established,from_client; content:"GET"; http_method; content:"/yeo0v0lyoj.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"wz3.g6xt-5n.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695065/; classtype:trojan-activity;sid:84558165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695064)"; flow:established,from_client; content:"GET"; http_method; content:"/bt.google|3f|t=6x43arpp"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"m9y.p8ri.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695064/; classtype:trojan-activity;sid:84558164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695063)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.220.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695063/; classtype:trojan-activity;sid:84558163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695062)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.130.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695062/; classtype:trojan-activity;sid:84558162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695061)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.114.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695061/; classtype:trojan-activity;sid:84558161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695060)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.139.184.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695060/; classtype:trojan-activity;sid:84558160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695059)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.161.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695059/; classtype:trojan-activity;sid:84558159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695058)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6608710704/5rmgci0.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695058/; classtype:trojan-activity;sid:84558158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695056)"; flow:established,from_client; content:"GET"; http_method; content:"/yfkdzsboho.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"q3ha.5g-t.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695056/; classtype:trojan-activity;sid:84558156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695057)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.121.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695057/; classtype:trojan-activity;sid:84558157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695055)"; flow:established,from_client; content:"GET"; http_method; content:"/lxkl4pbi"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"f1.71o9.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695055/; classtype:trojan-activity;sid:84558155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695054)"; flow:established,from_client; content:"GET"; http_method; content:"/dy.check|3f|t=iluyw3di"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"f1.71o9.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695054/; classtype:trojan-activity;sid:84558154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695053)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.37.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695053/; classtype:trojan-activity;sid:84558153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695052)"; flow:established,from_client; content:"GET"; http_method; content:"/re7wfkn38q.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"b5k2.g6xt-5n.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695052/; classtype:trojan-activity;sid:84558152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695051)"; flow:established,from_client; content:"GET"; http_method; content:"/64gczwfbsm.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"q3ha.5g-t.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695051/; classtype:trojan-activity;sid:84558151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695050)"; flow:established,from_client; content:"GET"; http_method; content:"/8krzfusm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"w6.yldv.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695050/; classtype:trojan-activity;sid:84558150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695049)"; flow:established,from_client; content:"GET"; http_method; content:"/9x.check|3f|t=94eypd0v"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"w6.yldv.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695049/; classtype:trojan-activity;sid:84558149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695048)"; flow:established,from_client; content:"GET"; http_method; content:"/4ss2bjh983.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"b5k2.g6xt-5n.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695048/; classtype:trojan-activity;sid:84558148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695047)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.139.184.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695047/; classtype:trojan-activity;sid:84558147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695046)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.81.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695046/; classtype:trojan-activity;sid:84558146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695045)"; flow:established,from_client; content:"GET"; http_method; content:"/69gc3g5ayj.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"b7rp.5g-t.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695045/; classtype:trojan-activity;sid:84558145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695044)"; flow:established,from_client; content:"GET"; http_method; content:"/hvsmpc44"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"zts.ha0m.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695044/; classtype:trojan-activity;sid:84558144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695043)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.74.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695043/; classtype:trojan-activity;sid:84558143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695042)"; flow:established,from_client; content:"GET"; http_method; content:"/f40c12ocg5.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"9m.g6xt-5n.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695042/; classtype:trojan-activity;sid:84558142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695041)"; flow:established,from_client; content:"GET"; http_method; content:"/xn.google|3f|t=9jrghczt"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"zts.ha0m.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695041/; classtype:trojan-activity;sid:84558141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695040)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.37.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695040/; classtype:trojan-activity;sid:84558140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695038)"; flow:established,from_client; content:"GET"; http_method; content:"/h6.google|3f|t=w7a6jvvu"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"vy6.g7ve.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695038/; classtype:trojan-activity;sid:84558138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695039)"; flow:established,from_client; content:"GET"; http_method; content:"/d79rwuyik3.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"tq0.g6xt-5n.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695039/; classtype:trojan-activity;sid:84558139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695037)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.89.192"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695037/; classtype:trojan-activity;sid:84558137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695035)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.167.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695035/; classtype:trojan-activity;sid:84558135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695036)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"117.205.167.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695036/; classtype:trojan-activity;sid:84558136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695034)"; flow:established,from_client; content:"GET"; http_method; content:"/114.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.100.157.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695034/; classtype:trojan-activity;sid:84558134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695033)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.4.108.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695033/; classtype:trojan-activity;sid:84558133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695032)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.19.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695032/; classtype:trojan-activity;sid:84558132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695031)"; flow:established,from_client; content:"GET"; http_method; content:"/xbfi9suunq.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"tq0.g6xt-5n.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695031/; classtype:trojan-activity;sid:84558131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695030)"; flow:established,from_client; content:"GET"; http_method; content:"/auk.google|3f|t=cb0lpk71"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"xjh.si9a.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695030/; classtype:trojan-activity;sid:84558130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695029)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.81.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695029/; classtype:trojan-activity;sid:84558129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695028)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.15.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695028/; classtype:trojan-activity;sid:84558128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695027)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.13.184.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695027/; classtype:trojan-activity;sid:84558127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695025)"; flow:established,from_client; content:"GET"; http_method; content:"/aa20ctnh19.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"xr7.g6xt-5n.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695025/; classtype:trojan-activity;sid:84558125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695026)"; flow:established,from_client; content:"GET"; http_method; content:"/sq.check|3f|t=dj4h735w"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"1hi.to1j.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695026/; classtype:trojan-activity;sid:84558126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695024)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.208.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695024/; classtype:trojan-activity;sid:84558124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695023)"; flow:established,from_client; content:"GET"; http_method; content:"/30qh6e8imf.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"xr7.g6xt-5n.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695023/; classtype:trojan-activity;sid:84558123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695022)"; flow:established,from_client; content:"GET"; http_method; content:"/84.google|3f|t=1pe7dd7v"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"gxc.mjg1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695022/; classtype:trojan-activity;sid:84558122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695021)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.4.48"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695021/; classtype:trojan-activity;sid:84558121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695019)"; flow:established,from_client; content:"GET"; http_method; content:"/1c83xz9h"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"gxc.mjg1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695019/; classtype:trojan-activity;sid:84558119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695020)"; flow:established,from_client; content:"GET"; http_method; content:"/we7f1x4rwx.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"y6f0.5g-t.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695020/; classtype:trojan-activity;sid:84558120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695018)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.4.108.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695018/; classtype:trojan-activity;sid:84558118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695017)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.33.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695017/; classtype:trojan-activity;sid:84558117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695016)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.19.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695016/; classtype:trojan-activity;sid:84558116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695015)"; flow:established,from_client; content:"GET"; http_method; content:"/1m73qgyri8.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"xr7.g6xt-5n.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695015/; classtype:trojan-activity;sid:84558115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695014)"; flow:established,from_client; content:"GET"; http_method; content:"/sw.check|3f|t=nqvdwhpy"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"k9k.yu5k.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695014/; classtype:trojan-activity;sid:84558114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695013)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.15.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695013/; classtype:trojan-activity;sid:84558113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695012)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.228.111.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695012/; classtype:trojan-activity;sid:84558112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695011)"; flow:established,from_client; content:"GET"; http_method; content:"/nigger/x86"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"77.90.39.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695011/; classtype:trojan-activity;sid:84558111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695010)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.2.39.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695010/; classtype:trojan-activity;sid:84558110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695008)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.111.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695008/; classtype:trojan-activity;sid:84558108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695009)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.194.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695009/; classtype:trojan-activity;sid:84558109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695006)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.1.224.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695006/; classtype:trojan-activity;sid:84558106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695007)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.248.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695007/; classtype:trojan-activity;sid:84558107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695004)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.76.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695004/; classtype:trojan-activity;sid:84558104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695005)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.15.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695005/; classtype:trojan-activity;sid:84558105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695003)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.39.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695003/; classtype:trojan-activity;sid:84558103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695002)"; flow:established,from_client; content:"GET"; http_method; content:"/gtop.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"196.251.115.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695002/; classtype:trojan-activity;sid:84558102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695001)"; flow:established,from_client; content:"GET"; http_method; content:"/c3ig3n3wb1.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"y6f0.5g-t.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695001/; classtype:trojan-activity;sid:84558101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694998)"; flow:established,from_client; content:"GET"; http_method; content:"/ezkjzhio"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"a1.no4s.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694998/; classtype:trojan-activity;sid:84558098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694999)"; flow:established,from_client; content:"GET"; http_method; content:"/gg5.check|3f|t=os63qbjn"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"a1.no4s.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694999/; classtype:trojan-activity;sid:84558099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695000)"; flow:established,from_client; content:"GET"; http_method; content:"/htmdts2sc2.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"a1.g6xt-5n.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695000/; classtype:trojan-activity;sid:84558100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694997)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.123.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694997/; classtype:trojan-activity;sid:84558097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694985)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.ppc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"89.35.130.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694985/; classtype:trojan-activity;sid:84558085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694986)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86_64"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"89.35.130.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694986/; classtype:trojan-activity;sid:84558086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694987)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"89.35.130.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694987/; classtype:trojan-activity;sid:84558087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694988)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm5"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"89.35.130.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694988/; classtype:trojan-activity;sid:84558088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694989)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mpsl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"89.35.130.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694989/; classtype:trojan-activity;sid:84558089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694990)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"89.35.130.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694990/; classtype:trojan-activity;sid:84558090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694991)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"89.35.130.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694991/; classtype:trojan-activity;sid:84558091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694992)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mips"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"89.35.130.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694992/; classtype:trojan-activity;sid:84558092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694993)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"89.35.130.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694993/; classtype:trojan-activity;sid:84558093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694994)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i686"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"89.35.130.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694994/; classtype:trojan-activity;sid:84558094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694995)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.m68k"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"89.35.130.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694995/; classtype:trojan-activity;sid:84558095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694996)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.sh4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"89.35.130.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694996/; classtype:trojan-activity;sid:84558096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694984)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.229.166.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694984/; classtype:trojan-activity;sid:84558084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694983)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.44.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694983/; classtype:trojan-activity;sid:84558083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694982)"; flow:established,from_client; content:"GET"; http_method; content:"/bn.check|3f|t=8wkum0d6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"m5.1r55.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694982/; classtype:trojan-activity;sid:84558082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694981)"; flow:established,from_client; content:"GET"; http_method; content:"/mqix96juuw.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"a1.g6xt-5n.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694981/; classtype:trojan-activity;sid:84558081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694980)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6691015685/01zenoj.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694980/; classtype:trojan-activity;sid:84558080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694979)"; flow:established,from_client; content:"GET"; http_method; content:"/8b0kmyyroq.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c4w.k8cr-9b.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694979/; classtype:trojan-activity;sid:84558079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694978)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.76.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694978/; classtype:trojan-activity;sid:84558078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694977)"; flow:established,from_client; content:"GET"; http_method; content:"/n2r.google|3f|t=qk6ka7lc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"sog.8786.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694977/; classtype:trojan-activity;sid:84558077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694976)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.49.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694976/; classtype:trojan-activity;sid:84558076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694975)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.191.128.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694975/; classtype:trojan-activity;sid:84558075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694974)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.73.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694974/; classtype:trojan-activity;sid:84558074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694973)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.33.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694973/; classtype:trojan-activity;sid:84558073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694972)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.4.48"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694972/; classtype:trojan-activity;sid:84558072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694971)"; flow:established,from_client; content:"GET"; http_method; content:"/boqqt6s67l.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c4w.k8cr-9b.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694971/; classtype:trojan-activity;sid:84558071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694970)"; flow:established,from_client; content:"GET"; http_method; content:"/oj.google|3f|t=1yyqkq9w"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"x2.5x7u.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694970/; classtype:trojan-activity;sid:84558070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694968)"; flow:established,from_client; content:"GET"; http_method; content:"/pd.check|3f|t=2ec3cbn1"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"gy9.p8ri.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694968/; classtype:trojan-activity;sid:84558068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694969)"; flow:established,from_client; content:"GET"; http_method; content:"/hhjcdmkgfe.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"hp.k8cr-9b.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694969/; classtype:trojan-activity;sid:84558069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694967)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.45.56.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694967/; classtype:trojan-activity;sid:84558067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694965)"; flow:established,from_client; content:"GET"; http_method; content:"/vshjyfhp"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"46.71o9.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694965/; classtype:trojan-activity;sid:84558065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694966)"; flow:established,from_client; content:"GET"; http_method; content:"/5a9pnyebit.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"t9rq3.l-ly.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694966/; classtype:trojan-activity;sid:84558066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694964)"; flow:established,from_client; content:"GET"; http_method; content:"/p7fb06rfx3.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"hp.k8cr-9b.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694964/; classtype:trojan-activity;sid:84558064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694963)"; flow:established,from_client; content:"GET"; http_method; content:"/ay.check|3f|t=rsfeihp8"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"46.71o9.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694963/; classtype:trojan-activity;sid:84558063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694962)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.13.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694962/; classtype:trojan-activity;sid:84558062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694961)"; flow:established,from_client; content:"GET"; http_method; content:"/rgt.check|3f|t=7rlszb84"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"00x.yldv.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694961/; classtype:trojan-activity;sid:84558061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694960)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.83.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694960/; classtype:trojan-activity;sid:84558060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694959)"; flow:established,from_client; content:"GET"; http_method; content:"/t3zne1k3c4.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"hp.k8cr-9b.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694959/; classtype:trojan-activity;sid:84558059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694958)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.49.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694958/; classtype:trojan-activity;sid:84558058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694957)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.255.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694957/; classtype:trojan-activity;sid:84558057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694955)"; flow:established,from_client; content:"GET"; http_method; content:"/86jff3a4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"8n.ha0m.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694955/; classtype:trojan-activity;sid:84558055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694956)"; flow:established,from_client; content:"GET"; http_method; content:"/aw1qcaiw41.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"p2vk.l-ly.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694956/; classtype:trojan-activity;sid:84558056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694954)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.228.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694954/; classtype:trojan-activity;sid:84558054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694953)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.45.56.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694953/; classtype:trojan-activity;sid:84558053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694952)"; flow:established,from_client; content:"GET"; http_method; content:"/wsk8v87ffu.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"p2vk.l-ly.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694952/; classtype:trojan-activity;sid:84558052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694951)"; flow:established,from_client; content:"GET"; http_method; content:"/ty12sm9y"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"6c.g7ve.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694951/; classtype:trojan-activity;sid:84558051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694950)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1883128786/j6kuz1q.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694950/; classtype:trojan-activity;sid:84558050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694949)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8134610967/ei8bg5i.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694949/; classtype:trojan-activity;sid:84558049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694947)"; flow:established,from_client; content:"GET"; http_method; content:"/c2i.google|3f|t=f157tvnl"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"6c.g7ve.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694947/; classtype:trojan-activity;sid:84558047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694948)"; flow:established,from_client; content:"GET"; http_method; content:"/tv7w8jmyxc.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"z9t1.k8cr-9b.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694948/; classtype:trojan-activity;sid:84558048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694946)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.95.42.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694946/; classtype:trojan-activity;sid:84558046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694945)"; flow:established,from_client; content:"GET"; http_method; content:"/hh7gk8e9fg.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"z9t1.k8cr-9b.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694945/; classtype:trojan-activity;sid:84558045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694944)"; flow:established,from_client; content:"GET"; http_method; content:"/l14.check|3f|t=tyyn6sok"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"2u8.si9a.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694944/; classtype:trojan-activity;sid:84558044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694942)"; flow:established,from_client; content:"GET"; http_method; content:"/mi.check|3f|t=t720d5ev"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"15.to1j.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694942/; classtype:trojan-activity;sid:84558042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694943)"; flow:established,from_client; content:"GET"; http_method; content:"/vm2q7o30et.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2a.k8cr-9b.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694943/; classtype:trojan-activity;sid:84558043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694941)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.234.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694941/; classtype:trojan-activity;sid:84558041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694940)"; flow:established,from_client; content:"GET"; http_method; content:"/syschnu.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694940/; classtype:trojan-activity;sid:84558040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694939)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.212.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694939/; classtype:trojan-activity;sid:84558039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694938)"; flow:established,from_client; content:"GET"; http_method; content:"/axmc23442p.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"h8ny.l-ly.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694938/; classtype:trojan-activity;sid:84558038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694937)"; flow:established,from_client; content:"GET"; http_method; content:"/0pbf5638"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"15.to1j.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694937/; classtype:trojan-activity;sid:84558037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694936)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.218.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694936/; classtype:trojan-activity;sid:84558036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694935)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.45.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694935/; classtype:trojan-activity;sid:84558035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694934)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.121.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694934/; classtype:trojan-activity;sid:84558034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694933)"; flow:established,from_client; content:"GET"; http_method; content:"/kf67a1kg9a.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2a.k8cr-9b.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694933/; classtype:trojan-activity;sid:84558033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694932)"; flow:established,from_client; content:"GET"; http_method; content:"/9uj.google|3f|t=gpubroi4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"48.mjg1.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694932/; classtype:trojan-activity;sid:84558032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694931)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.161.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694931/; classtype:trojan-activity;sid:84558031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694930)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.234.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694930/; classtype:trojan-activity;sid:84558030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694929)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7120586914/8f4xdd0.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694929/; classtype:trojan-activity;sid:84558029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694928)"; flow:established,from_client; content:"GET"; http_method; content:"/ge1cswl37m.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"d4xf.3u-6.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694928/; classtype:trojan-activity;sid:84558028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694927)"; flow:established,from_client; content:"GET"; http_method; content:"/kzfimt28"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"hb.yu5k.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694927/; classtype:trojan-activity;sid:84558027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694926)"; flow:established,from_client; content:"GET"; http_method; content:"/ysj.google|3f|t=zg3kq5k6"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"gci.no4s.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694926/; classtype:trojan-activity;sid:84558026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694925)"; flow:established,from_client; content:"GET"; http_method; content:"/5ug4ctlp9o.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mk3.k8cr-9b.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694925/; classtype:trojan-activity;sid:84558025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694924)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.67.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694924/; classtype:trojan-activity;sid:84558024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694923)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6629342726/zajtmwu.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694923/; classtype:trojan-activity;sid:84558023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694922)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.97.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694922/; classtype:trojan-activity;sid:84558022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694921)"; flow:established,from_client; content:"GET"; http_method; content:"/fz.google|3f|t=5mcimxqa"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"my.8786.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694921/; classtype:trojan-activity;sid:84558021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694920)"; flow:established,from_client; content:"GET"; http_method; content:"/fx4iy5ayqk.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"q7.k8cr-9b.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694920/; classtype:trojan-activity;sid:84558020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694919)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.95.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694919/; classtype:trojan-activity;sid:84558019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694918)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.187.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694918/; classtype:trojan-activity;sid:84558018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694917)"; flow:established,from_client; content:"GET"; http_method; content:"/vsidqq3642.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"r7pj2.3u-6.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694917/; classtype:trojan-activity;sid:84558017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694916)"; flow:established,from_client; content:"GET"; http_method; content:"/9ny4zdyd"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"9j5.5x7u.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694916/; classtype:trojan-activity;sid:84558016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694915)"; flow:established,from_client; content:"GET"; http_method; content:"/vtd8bqpu1p.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"q7.k8cr-9b.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694915/; classtype:trojan-activity;sid:84558015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694914)"; flow:established,from_client; content:"GET"; http_method; content:"/gw.google|3f|t=zrnlsi67"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"cnp.p8ri.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694914/; classtype:trojan-activity;sid:84558014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694913)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.102.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694913/; classtype:trojan-activity;sid:84558013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694912)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.102.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694912/; classtype:trojan-activity;sid:84558012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694911)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.29.99"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694911/; classtype:trojan-activity;sid:84558011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694910)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8288209896/tunl4qr.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694910/; classtype:trojan-activity;sid:84558010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694909)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.213.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694909/; classtype:trojan-activity;sid:84558009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694908)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.11.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694908/; classtype:trojan-activity;sid:84558008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694907)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.97.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694907/; classtype:trojan-activity;sid:84558007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694906)"; flow:established,from_client; content:"GET"; http_method; content:"/p29.check|3f|t=rdpdjreg"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"n4s.71o9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694906/; classtype:trojan-activity;sid:84558006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694905)"; flow:established,from_client; content:"GET"; http_method; content:"/8lfaxudik2.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"b3yln.4qo8.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694905/; classtype:trojan-activity;sid:84558005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694904)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.95.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694904/; classtype:trojan-activity;sid:84558004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694903)"; flow:established,from_client; content:"GET"; http_method; content:"/p7m75ymfsl.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"b3yln.4qo8.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694903/; classtype:trojan-activity;sid:84558003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694902)"; flow:established,from_client; content:"GET"; http_method; content:"/qr1.google|3f|t=8feade8a"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"7g.yldv.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694902/; classtype:trojan-activity;sid:84558002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694901)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.178.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694901/; classtype:trojan-activity;sid:84558001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694900)"; flow:established,from_client; content:"GET"; http_method; content:"/zm91lnibhj.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"a1mz.3u-6.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694900/; classtype:trojan-activity;sid:84558000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694899)"; flow:established,from_client; content:"GET"; http_method; content:"/nwn4fxoc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"7g.yldv.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694899/; classtype:trojan-activity;sid:84557999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694897)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.187.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694897/; classtype:trojan-activity;sid:84557997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694898)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.29.99"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694898/; classtype:trojan-activity;sid:84557998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694896)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.213.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694896/; classtype:trojan-activity;sid:84557996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694895)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.74.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694895/; classtype:trojan-activity;sid:84557995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694894)"; flow:established,from_client; content:"GET"; http_method; content:"/host/sirrrrdeee.ps1"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"216.250.252.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694894/; classtype:trojan-activity;sid:84557994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694891)"; flow:established,from_client; content:"GET"; http_method; content:"/host/s.ps1"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"216.250.252.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694891/; classtype:trojan-activity;sid:84557991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694892)"; flow:established,from_client; content:"GET"; http_method; content:"/host/rocky.ps1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"216.250.252.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694892/; classtype:trojan-activity;sid:84557992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694893)"; flow:established,from_client; content:"GET"; http_method; content:"/host/sea.ps1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"216.250.252.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694893/; classtype:trojan-activity;sid:84557993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694890)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.155.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694890/; classtype:trojan-activity;sid:84557990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694889)"; flow:established,from_client; content:"GET"; http_method; content:"/f617nwiwyh.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"s9k2.4qo8.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694889/; classtype:trojan-activity;sid:84557989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694888)"; flow:established,from_client; content:"GET"; http_method; content:"/07u.check|3f|t=bxxadpd0"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"6yi.ha0m.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694888/; classtype:trojan-activity;sid:84557988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694887)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.227.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694887/; classtype:trojan-activity;sid:84557987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694886)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.56.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694886/; classtype:trojan-activity;sid:84557986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694885)"; flow:established,from_client; content:"GET"; http_method; content:"/txvw84aftt.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"v9q3.3u-6.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694885/; classtype:trojan-activity;sid:84557985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694884)"; flow:established,from_client; content:"GET"; http_method; content:"/ifvmlat6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"qki.g7ve.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694884/; classtype:trojan-activity;sid:84557984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694883)"; flow:established,from_client; content:"GET"; http_method; content:"/3j.google|3f|t=uordz5ul"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"qki.g7ve.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694883/; classtype:trojan-activity;sid:84557983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694882)"; flow:established,from_client; content:"GET"; http_method; content:"/k8ynre0lj7.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"w6r0a.4qo8.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694882/; classtype:trojan-activity;sid:84557982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694881)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.82.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694881/; classtype:trojan-activity;sid:84557981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694880)"; flow:established,from_client; content:"GET"; http_method; content:"/c1t9wcmrqg.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"w6r0a.4qo8.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694880/; classtype:trojan-activity;sid:84557980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694879)"; flow:established,from_client; content:"GET"; http_method; content:"/hg.google|3f|t=tjfqw4dn"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"n0.to1j.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694879/; classtype:trojan-activity;sid:84557979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694878)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.227.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694878/; classtype:trojan-activity;sid:84557978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694877)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.116.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694877/; classtype:trojan-activity;sid:84557977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694875)"; flow:established,from_client; content:"GET"; http_method; content:"/nsyqqnihql.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"e1tvd.4qo8.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694875/; classtype:trojan-activity;sid:84557975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694876)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.56.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694876/; classtype:trojan-activity;sid:84557976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694874)"; flow:established,from_client; content:"GET"; http_method; content:"/6oq.google|3f|t=9wooe3ct"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"yw0.mjg1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694874/; classtype:trojan-activity;sid:84557974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694873)"; flow:established,from_client; content:"GET"; http_method; content:"/q46te7kt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"yw0.mjg1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694873/; classtype:trojan-activity;sid:84557973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694872)"; flow:established,from_client; content:"GET"; http_method; content:"/r6vjlt171t.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"j2vb.u4-r-o.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694872/; classtype:trojan-activity;sid:84557972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694871)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.125.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694871/; classtype:trojan-activity;sid:84557971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694870)"; flow:established,from_client; content:"GET"; http_method; content:"/v9xucs8cbr.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"e1tvd.4qo8.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694870/; classtype:trojan-activity;sid:84557970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694869)"; flow:established,from_client; content:"GET"; http_method; content:"/c1.check|3f|t=xro9zfzv"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ccd.yu5k.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694869/; classtype:trojan-activity;sid:84557969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694868)"; flow:established,from_client; content:"GET"; http_method; content:"/2p2bg4awvc.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"n0df5.u4-r-o.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694868/; classtype:trojan-activity;sid:84557968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694867)"; flow:established,from_client; content:"GET"; http_method; content:"/d3ted03y"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ccd.yu5k.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694867/; classtype:trojan-activity;sid:84557967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694866)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.241.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694866/; classtype:trojan-activity;sid:84557966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694865)"; flow:established,from_client; content:"GET"; http_method; content:"/gbddp1sblj.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"n0df5.u4-r-o.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694865/; classtype:trojan-activity;sid:84557965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694864)"; flow:established,from_client; content:"GET"; http_method; content:"/sw8ta5in"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"vdn.no4s.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694864/; classtype:trojan-activity;sid:84557964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694862)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.82.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694862/; classtype:trojan-activity;sid:84557962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694863)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.184.10.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694863/; classtype:trojan-activity;sid:84557963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694861)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.3.231"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694861/; classtype:trojan-activity;sid:84557961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694860)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.65.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694860/; classtype:trojan-activity;sid:84557960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694859)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.153.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694859/; classtype:trojan-activity;sid:84557959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694857)"; flow:established,from_client; content:"GET"; http_method; content:"/i5i.google|3f|t=cwl4zvcd"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"e0s.1r55.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694857/; classtype:trojan-activity;sid:84557957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694858)"; flow:established,from_client; content:"GET"; http_method; content:"/ly67dcl3n4.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"p7x3.4qo8.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694858/; classtype:trojan-activity;sid:84557958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694856)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.151.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694856/; classtype:trojan-activity;sid:84557956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694855)"; flow:established,from_client; content:"GET"; http_method; content:"/k5rgnc4x7a.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"h2m9q.4qo8.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694855/; classtype:trojan-activity;sid:84557955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694854)"; flow:established,from_client; content:"GET"; http_method; content:"/y5.google|3f|t=m67a0gga"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"5nu.8786.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694854/; classtype:trojan-activity;sid:84557954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694853)"; flow:established,from_client; content:"GET"; http_method; content:"/ptj9fwfk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5nu.8786.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694853/; classtype:trojan-activity;sid:84557953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694852)"; flow:established,from_client; content:"GET"; http_method; content:"/ci2c3i7hxv.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"c4hx.u4-r-o.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694852/; classtype:trojan-activity;sid:84557952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694851)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.110.35.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694851/; classtype:trojan-activity;sid:84557951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694850)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.116.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694850/; classtype:trojan-activity;sid:84557950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694849)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.82.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694849/; classtype:trojan-activity;sid:84557949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694848)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.241.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694848/; classtype:trojan-activity;sid:84557948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694847)"; flow:established,from_client; content:"GET"; http_method; content:"/jvev9v9z7p.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"d4wce.67tf.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694847/; classtype:trojan-activity;sid:84557947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694846)"; flow:established,from_client; content:"GET"; http_method; content:"/ak9.check|3f|t=vpmb2cj1"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"17m.5x7u.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694846/; classtype:trojan-activity;sid:84557946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694845)"; flow:established,from_client; content:"GET"; http_method; content:"/apps.bin"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"3546.tarotbag.digital"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694845/; classtype:trojan-activity;sid:84557945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694844)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.31.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694844/; classtype:trojan-activity;sid:84557944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694843)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.86.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694843/; classtype:trojan-activity;sid:84557943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694842)"; flow:established,from_client; content:"GET"; http_method; content:"/iqdna9ke3l.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"g8z1.67tf.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694842/; classtype:trojan-activity;sid:84557942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694841)"; flow:established,from_client; content:"GET"; http_method; content:"/asd.check|3f|t=d4q8rt99"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"h9u.p8ri.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694841/; classtype:trojan-activity;sid:84557941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694840)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.7.155.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694840/; classtype:trojan-activity;sid:84557940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694839)"; flow:established,from_client; content:"GET"; http_method; content:"/afohvxb0"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cr.71o9.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694839/; classtype:trojan-activity;sid:84557939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694838)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.139.107.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694838/; classtype:trojan-activity;sid:84557938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694837)"; flow:established,from_client; content:"GET"; http_method; content:"/mljjqevw7d.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"r6wt2.u4-r-o.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694837/; classtype:trojan-activity;sid:84557937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694836)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.163.184.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694836/; classtype:trojan-activity;sid:84557936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694835)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"5.175.192.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694835/; classtype:trojan-activity;sid:84557935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694822)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"5.175.192.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694822/; classtype:trojan-activity;sid:84557922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694823)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"5.175.192.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694823/; classtype:trojan-activity;sid:84557923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694824)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"5.175.192.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694824/; classtype:trojan-activity;sid:84557924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694825)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"5.175.192.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694825/; classtype:trojan-activity;sid:84557925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694826)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"5.175.192.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694826/; classtype:trojan-activity;sid:84557926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694827)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"5.175.192.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694827/; classtype:trojan-activity;sid:84557927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694828)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"5.175.192.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694828/; classtype:trojan-activity;sid:84557928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694829)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"5.175.192.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694829/; classtype:trojan-activity;sid:84557929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694830)"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"5.175.192.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694830/; classtype:trojan-activity;sid:84557930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694831)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"5.175.192.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694831/; classtype:trojan-activity;sid:84557931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694832)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"5.175.192.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694832/; classtype:trojan-activity;sid:84557932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694833)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"5.175.192.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694833/; classtype:trojan-activity;sid:84557933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694834)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.101.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694834/; classtype:trojan-activity;sid:84557934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694821)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc440fp"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5.175.192.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694821/; classtype:trojan-activity;sid:84557921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694820)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.110.35.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694820/; classtype:trojan-activity;sid:84557920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694819)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.183.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694819/; classtype:trojan-activity;sid:84557919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694818)"; flow:established,from_client; content:"GET"; http_method; content:"/xkae9pls45.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"n5t3a.67tf.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694818/; classtype:trojan-activity;sid:84557918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694817)"; flow:established,from_client; content:"GET"; http_method; content:"/jp.check|3f|t=2uyd7kdr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"k3.yldv.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694817/; classtype:trojan-activity;sid:84557917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694816)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.225.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694816/; classtype:trojan-activity;sid:84557916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694815)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.13.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694815/; classtype:trojan-activity;sid:84557915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694814)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.155.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694814/; classtype:trojan-activity;sid:84557914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694813)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.32.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694813/; classtype:trojan-activity;sid:84557913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694812)"; flow:established,from_client; content:"GET"; http_method; content:"/zwzrojfy8c.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"a9mj.u4-r-o.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694812/; classtype:trojan-activity;sid:84557912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694811)"; flow:established,from_client; content:"GET"; http_method; content:"/i9zpv62d"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"6rv.ha0m.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694811/; classtype:trojan-activity;sid:84557911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694810)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.53.155.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694810/; classtype:trojan-activity;sid:84557910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694809)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.130.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694809/; classtype:trojan-activity;sid:84557909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694808)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.96.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694808/; classtype:trojan-activity;sid:84557908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694807)"; flow:established,from_client; content:"GET"; http_method; content:"/xj75fwyryn.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"n5t3a.67tf.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694807/; classtype:trojan-activity;sid:84557907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694806)"; flow:established,from_client; content:"GET"; http_method; content:"/0m.google|3f|t=zfy7l5q4"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"22k.g7ve.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694806/; classtype:trojan-activity;sid:84557906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694805)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.130.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694805/; classtype:trojan-activity;sid:84557905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694804)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.163.184.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694804/; classtype:trojan-activity;sid:84557904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694803)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.183.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694803/; classtype:trojan-activity;sid:84557903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694802)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.225.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694802/; classtype:trojan-activity;sid:84557902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694801)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.0.27.52"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694801/; classtype:trojan-activity;sid:84557901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694800)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.189.239.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694800/; classtype:trojan-activity;sid:84557900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694799)"; flow:established,from_client; content:"GET"; http_method; content:"/dnqx3dd5m5.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"y0bq9.67tf.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694799/; classtype:trojan-activity;sid:84557899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694798)"; flow:established,from_client; content:"GET"; http_method; content:"/78.google|3f|t=twoyrry7"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"83.si9a.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694798/; classtype:trojan-activity;sid:84557898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694797)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.77.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694797/; classtype:trojan-activity;sid:84557897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694796)"; flow:established,from_client; content:"GET"; http_method; content:"/z52wilf8jq.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"v5qp3.u4-r-o.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694796/; classtype:trojan-activity;sid:84557896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694795)"; flow:established,from_client; content:"GET"; http_method; content:"/2cd7vp9i"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"83.si9a.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694795/; classtype:trojan-activity;sid:84557895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694794)"; flow:established,from_client; content:"GET"; http_method; content:"/tmhf919pp4.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"y0bq9.67tf.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694794/; classtype:trojan-activity;sid:84557894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694793)"; flow:established,from_client; content:"GET"; http_method; content:"/vp.check|3f|t=85bincfg"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"lj.to1j.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694793/; classtype:trojan-activity;sid:84557893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694792)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.96.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694792/; classtype:trojan-activity;sid:84557892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694791)"; flow:established,from_client; content:"GET"; http_method; content:"/files/502259649/valpntr.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694791/; classtype:trojan-activity;sid:84557891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694790)"; flow:established,from_client; content:"GET"; http_method; content:"/apps.bin"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"get7z.wristplante.digital"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694790/; classtype:trojan-activity;sid:84557890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694789)"; flow:established,from_client; content:"GET"; http_method; content:"/aw.google|3f|t=63m8q5x5"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ou.mjg1.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694789/; classtype:trojan-activity;sid:84557889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694788)"; flow:established,from_client; content:"GET"; http_method; content:"/dfus6b48j0.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r1p6.67tf.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694788/; classtype:trojan-activity;sid:84557888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694787)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.82.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694787/; classtype:trojan-activity;sid:84557887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694786)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.87.141.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694786/; classtype:trojan-activity;sid:84557886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694785)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.141.144.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694785/; classtype:trojan-activity;sid:84557885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694784)"; flow:established,from_client; content:"GET"; http_method; content:"/rhrecrutamento-v2.apk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"rhrecrutamento.site"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694784/; classtype:trojan-activity;sid:84557884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694783)"; flow:established,from_client; content:"GET"; http_method; content:"/ldplayer9_ld_407586_ld.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"ldplaycn.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694783/; classtype:trojan-activity;sid:84557883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694780)"; flow:established,from_client; content:"GET"; http_method; content:"/zoompage/windows/download.php"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"zzooominstallationn.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694780/; classtype:trojan-activity;sid:84557880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694781)"; flow:established,from_client; content:"GET"; http_method; content:"/live/windows/download.php"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"joinzooomer.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694781/; classtype:trojan-activity;sid:84557881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694782)"; flow:established,from_client; content:"GET"; http_method; content:"/youtubego.apk"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"youtubego.live"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694782/; classtype:trojan-activity;sid:84557882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694779)"; flow:established,from_client; content:"GET"; http_method; content:"/space.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"84.247.162.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694779/; classtype:trojan-activity;sid:84557879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694778)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"59.97.255.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694778/; classtype:trojan-activity;sid:84557878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694775)"; flow:established,from_client; content:"GET"; http_method; content:"/svd/le/sighe.apk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"micetloiper.sbs"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694775/; classtype:trojan-activity;sid:84557875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694776)"; flow:established,from_client; content:"GET"; http_method; content:"/dll/xupertv-para-celular.apk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"xupertvapk.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694776/; classtype:trojan-activity;sid:84557876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694777)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|id=1iz3d9xf_yoij2-p3ilo3pbrgbn-wq85s|7c|26|7c|export=download"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"drive.usercontent.google.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694777/; classtype:trojan-activity;sid:84557877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694773)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"211.224.189.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694773/; classtype:trojan-activity;sid:84557873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694774)"; flow:established,from_client; content:"GET"; http_method; content:"/g3c7j41yxz.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"y8kz.u4-r-o.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694774/; classtype:trojan-activity;sid:84557874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694772)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"211.224.189.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694772/; classtype:trojan-activity;sid:84557872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694770)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"etsputs.milanocapitals.shop"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694770/; classtype:trojan-activity;sid:84557870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694771)"; flow:established,from_client; content:"GET"; http_method; content:"/8jyaro3r"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"vdx.yu5k.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694771/; classtype:trojan-activity;sid:84557871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694766)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"5.175.192.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694766/; classtype:trojan-activity;sid:84557866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694767)"; flow:established,from_client; content:"GET"; http_method; content:"/clipaid-pro.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"clipaid.app"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694767/; classtype:trojan-activity;sid:84557867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694768)"; flow:established,from_client; content:"GET"; http_method; content:"/s/paneli.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"threadet.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694768/; classtype:trojan-activity;sid:84557868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694769)"; flow:established,from_client; content:"GET"; http_method; content:"/windows/download.php"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"gaygfabogados.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694769/; classtype:trojan-activity;sid:84557869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694762)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.181.129.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694762/; classtype:trojan-activity;sid:84557862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694763)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"81.181.129.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694763/; classtype:trojan-activity;sid:84557863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694764)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"etsputs.milanocapitals.shop"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694764/; classtype:trojan-activity;sid:84557864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694765)"; flow:established,from_client; content:"GET"; http_method; content:"/run.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.227.154.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694765/; classtype:trojan-activity;sid:84557865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694760)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.255.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694760/; classtype:trojan-activity;sid:84557860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694761)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7120586914/jc0oszj.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694761/; classtype:trojan-activity;sid:84557861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694759)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.69.69.140"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694759/; classtype:trojan-activity;sid:84557859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694757)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.229.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694757/; classtype:trojan-activity;sid:84557857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694758)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.235.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694758/; classtype:trojan-activity;sid:84557858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694752)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.92.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694752/; classtype:trojan-activity;sid:84557852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694753)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.76.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694753/; classtype:trojan-activity;sid:84557853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694754)"; flow:established,from_client; content:"GET"; http_method; content:"/16a.google|3f|t=hjzs491z"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"vdx.yu5k.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694754/; classtype:trojan-activity;sid:84557854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694755)"; flow:established,from_client; content:"GET"; http_method; content:"/5kdog57jit.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r1p6.67tf.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694755/; classtype:trojan-activity;sid:84557855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694756)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.139.107.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694756/; classtype:trojan-activity;sid:84557856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694751)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.193.136.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694751/; classtype:trojan-activity;sid:84557851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694745)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.60.214.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694745/; classtype:trojan-activity;sid:84557845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694746)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.13.184.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694746/; classtype:trojan-activity;sid:84557846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694747)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.153.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694747/; classtype:trojan-activity;sid:84557847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694748)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.151.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694748/; classtype:trojan-activity;sid:84557848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694749)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.147.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694749/; classtype:trojan-activity;sid:84557849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694750)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.168.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694750/; classtype:trojan-activity;sid:84557850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694743)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.140.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694743/; classtype:trojan-activity;sid:84557843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694744)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.122.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694744/; classtype:trojan-activity;sid:84557844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694742)"; flow:established,from_client; content:"GET"; http_method; content:"/09nndw9b9l.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"y8kz.u4-r-o.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694742/; classtype:trojan-activity;sid:84557842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694741)"; flow:established,from_client; content:"GET"; http_method; content:"/f46axzdd"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"vdx.yu5k.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694741/; classtype:trojan-activity;sid:84557841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694740)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.7.20.56"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694740/; classtype:trojan-activity;sid:84557840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694739)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.156.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694739/; classtype:trojan-activity;sid:84557839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694737)"; flow:established,from_client; content:"GET"; http_method; content:"/uock9tlk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cya.no4s.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694737/; classtype:trojan-activity;sid:84557837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694738)"; flow:established,from_client; content:"GET"; http_method; content:"/5xli0j6aso.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"y8kz.u4-r-o.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694738/; classtype:trojan-activity;sid:84557838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694736)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.197.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694736/; classtype:trojan-activity;sid:84557836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694735)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.163.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694735/; classtype:trojan-activity;sid:84557835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694734)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.197.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694734/; classtype:trojan-activity;sid:84557834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694733)"; flow:established,from_client; content:"GET"; http_method; content:"/wayq9hgoxp.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2k7m.67tf.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694733/; classtype:trojan-activity;sid:84557833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694732)"; flow:established,from_client; content:"GET"; http_method; content:"/c0.check|3f|t=nya2d94b"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"cya.no4s.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694732/; classtype:trojan-activity;sid:84557832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694731)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.144.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694731/; classtype:trojan-activity;sid:84557831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694730)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.162.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694730/; classtype:trojan-activity;sid:84557830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694729)"; flow:established,from_client; content:"GET"; http_method; content:"/j9n4mpscyq.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2k7m.67tf.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694729/; classtype:trojan-activity;sid:84557829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694728)"; flow:established,from_client; content:"GET"; http_method; content:"/k4.check|3f|t=hjz01c9j"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"v7c.1r55.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694728/; classtype:trojan-activity;sid:84557828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694727)"; flow:established,from_client; content:"GET"; http_method; content:"/yuxkdyk0ge.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c7x0.j-7m.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694727/; classtype:trojan-activity;sid:84557827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694726)"; flow:established,from_client; content:"GET"; http_method; content:"/lr3.check|3f|t=s6i784kw"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"7u.8786.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694726/; classtype:trojan-activity;sid:84557826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694725)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.78.158"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694725/; classtype:trojan-activity;sid:84557825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694724)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.1.134"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694724/; classtype:trojan-activity;sid:84557824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694722)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.191.128.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694722/; classtype:trojan-activity;sid:84557822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694723)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.163.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694723/; classtype:trojan-activity;sid:84557823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694721)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.213.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694721/; classtype:trojan-activity;sid:84557821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694720)"; flow:established,from_client; content:"GET"; http_method; content:"/lcwvthwry6.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"b1nr.432b47.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694720/; classtype:trojan-activity;sid:84557820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694717)"; flow:established,from_client; content:"GET"; http_method; content:"/aep.google|3f|t=yt2lb3au"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"8p.p8ri.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694717/; classtype:trojan-activity;sid:84557817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694718)"; flow:established,from_client; content:"GET"; http_method; content:"/9ns42xgi"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"8p.p8ri.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694718/; classtype:trojan-activity;sid:84557818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694719)"; flow:established,from_client; content:"GET"; http_method; content:"/xe0a653p7z.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m9r2a.j-7m.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694719/; classtype:trojan-activity;sid:84557819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694716)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.162.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694716/; classtype:trojan-activity;sid:84557816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694715)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.67.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694715/; classtype:trojan-activity;sid:84557815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694714)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.39.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694714/; classtype:trojan-activity;sid:84557814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694713)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.207.207.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694713/; classtype:trojan-activity;sid:84557813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694712)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.78.158"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694712/; classtype:trojan-activity;sid:84557812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694711)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.101.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694711/; classtype:trojan-activity;sid:84557811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694710)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.164.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694710/; classtype:trojan-activity;sid:84557810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694709)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.13.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694709/; classtype:trojan-activity;sid:84557809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694707)"; flow:established,from_client; content:"GET"; http_method; content:"/w6ozcnng"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"fwi.71o9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694707/; classtype:trojan-activity;sid:84557807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694708)"; flow:established,from_client; content:"GET"; http_method; content:"/1qowxdqsnz.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"p3q6y.432b47.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694708/; classtype:trojan-activity;sid:84557808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694706)"; flow:established,from_client; content:"GET"; http_method; content:"/qr.google|3f|t=pfcy235n"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"fwi.71o9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694706/; classtype:trojan-activity;sid:84557806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694705)"; flow:established,from_client; content:"GET"; http_method; content:"/ea4u3q6ogg.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t1v8.j-7m.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694705/; classtype:trojan-activity;sid:84557805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694704)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.199.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694704/; classtype:trojan-activity;sid:84557804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694702)"; flow:established,from_client; content:"GET"; http_method; content:"/3yfm5b1zcf.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t1v8.j-7m.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694702/; classtype:trojan-activity;sid:84557802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694703)"; flow:established,from_client; content:"GET"; http_method; content:"/oc0.check|3f|t=ixlamx8a"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"nqi.yldv.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694703/; classtype:trojan-activity;sid:84557803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694700)"; flow:established,from_client; content:"GET"; http_method; content:"/4f.google|3f|t=v0gauqqf"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"fr.ha0m.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694700/; classtype:trojan-activity;sid:84557800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694701)"; flow:established,from_client; content:"GET"; http_method; content:"/wcxeuze69a.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t1v8.j-7m.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694701/; classtype:trojan-activity;sid:84557801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694699)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.53.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694699/; classtype:trojan-activity;sid:84557799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694698)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.101.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694698/; classtype:trojan-activity;sid:84557798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694697)"; flow:established,from_client; content:"GET"; http_method; content:"/l8j2eogj"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"fr.ha0m.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694697/; classtype:trojan-activity;sid:84557797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694696)"; flow:established,from_client; content:"GET"; http_method; content:"/i7uz86kcps.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"p3q6y.432b47.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694696/; classtype:trojan-activity;sid:84557796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694695)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.207.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694695/; classtype:trojan-activity;sid:84557795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694694)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.167.250.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694694/; classtype:trojan-activity;sid:84557794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694693)"; flow:established,from_client; content:"GET"; http_method; content:"/zljw5vi1xe.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k4p9q.j-7m.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694693/; classtype:trojan-activity;sid:84557793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694692)"; flow:established,from_client; content:"GET"; http_method; content:"/ey.google|3f|t=4bof0va5"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"mcz.g7ve.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694692/; classtype:trojan-activity;sid:84557792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694691)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.141.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694691/; classtype:trojan-activity;sid:84557791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694690)"; flow:established,from_client; content:"GET"; http_method; content:"/qoexcrjk8e.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k4p9q.j-7m.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694690/; classtype:trojan-activity;sid:84557790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694689)"; flow:established,from_client; content:"GET"; http_method; content:"/wu9.check|3f|t=4bdekbne"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"k4.si9a.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694689/; classtype:trojan-activity;sid:84557789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694688)"; flow:established,from_client; content:"GET"; http_method; content:"/gaiz3pu5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"lm.to1j.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694688/; classtype:trojan-activity;sid:84557788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694687)"; flow:established,from_client; content:"GET"; http_method; content:"/7mitchxlti.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"t9jw4.432b47.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694687/; classtype:trojan-activity;sid:84557787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694686)"; flow:established,from_client; content:"GET"; http_method; content:"/7t.check|3f|t=66a8e3lk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"lm.to1j.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694686/; classtype:trojan-activity;sid:84557786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694685)"; flow:established,from_client; content:"GET"; http_method; content:"/n8j1fibqaa.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k4p9q.j-7m.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694685/; classtype:trojan-activity;sid:84557785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694684)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.199.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694684/; classtype:trojan-activity;sid:84557784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694683)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.147.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694683/; classtype:trojan-activity;sid:84557783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694682)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.155.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694682/; classtype:trojan-activity;sid:84557782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694681)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.53.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694681/; classtype:trojan-activity;sid:84557781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694680)"; flow:established,from_client; content:"GET"; http_method; content:"/0957ml9gjc.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"t9jw4.432b47.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694680/; classtype:trojan-activity;sid:84557780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694679)"; flow:established,from_client; content:"GET"; http_method; content:"/ttxtwp7f"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"axm.mjg1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694679/; classtype:trojan-activity;sid:84557779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694678)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.182.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694678/; classtype:trojan-activity;sid:84557778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694677)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.194.28.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694677/; classtype:trojan-activity;sid:84557777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694676)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.87.141.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694676/; classtype:trojan-activity;sid:84557776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694675)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.141.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694675/; classtype:trojan-activity;sid:84557775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694674)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.194.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694674/; classtype:trojan-activity;sid:84557774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694673)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.25.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694673/; classtype:trojan-activity;sid:84557773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694671)"; flow:established,from_client; content:"GET"; http_method; content:"/5wjgy4k2vb.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r0yg.0fv1.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694671/; classtype:trojan-activity;sid:84557771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694672)"; flow:established,from_client; content:"GET"; http_method; content:"/9bc.check|3f|t=bvkn01if"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"1zs.yu5k.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694672/; classtype:trojan-activity;sid:84557772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694670)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.253.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694670/; classtype:trojan-activity;sid:84557770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694669)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.152.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694669/; classtype:trojan-activity;sid:84557769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694668)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5917492177/7rbumpu.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694668/; classtype:trojan-activity;sid:84557768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694667)"; flow:established,from_client; content:"GET"; http_method; content:"/gtna9qombe.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r0yg.0fv1.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694667/; classtype:trojan-activity;sid:84557767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694666)"; flow:established,from_client; content:"GET"; http_method; content:"/utw.check|3f|t=uzosg6ot"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"0kd.no4s.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694666/; classtype:trojan-activity;sid:84557766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694665)"; flow:established,from_client; content:"GET"; http_method; content:"/limrm95u3q.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"f0v2.432b47.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694665/; classtype:trojan-activity;sid:84557765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694664)"; flow:established,from_client; content:"GET"; http_method; content:"/sqmntli9"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"2d4.1r55.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694664/; classtype:trojan-activity;sid:84557764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694663)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.222.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694663/; classtype:trojan-activity;sid:84557763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694661)"; flow:established,from_client; content:"GET"; http_method; content:"/jlqh9yof1g.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"tbd9.0fv1.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694661/; classtype:trojan-activity;sid:84557761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694662)"; flow:established,from_client; content:"GET"; http_method; content:"/br.check|3f|t=jowfnlag"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"2d4.1r55.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694662/; classtype:trojan-activity;sid:84557762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694660)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.148.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694660/; classtype:trojan-activity;sid:84557760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694659)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.155.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694659/; classtype:trojan-activity;sid:84557759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694658)"; flow:established,from_client; content:"GET"; http_method; content:"/lft.check|3f|t=d9pds9de"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"wp.8786.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694658/; classtype:trojan-activity;sid:84557758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694657)"; flow:established,from_client; content:"GET"; http_method; content:"/npu2v1xzoq.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"tbd9.0fv1.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694657/; classtype:trojan-activity;sid:84557757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694656)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.203.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694656/; classtype:trojan-activity;sid:84557756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694655)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.253.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694655/; classtype:trojan-activity;sid:84557755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694654)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.194.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694654/; classtype:trojan-activity;sid:84557754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694653)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.134.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694653/; classtype:trojan-activity;sid:84557753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694652)"; flow:established,from_client; content:"GET"; http_method; content:"/a5q8c2uoun.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"m5x8r.432b47.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694652/; classtype:trojan-activity;sid:84557752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694651)"; flow:established,from_client; content:"GET"; http_method; content:"/7ube5zwe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"0k.5x7u.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694651/; classtype:trojan-activity;sid:84557751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694650)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.101.92.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694650/; classtype:trojan-activity;sid:84557750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694649)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.30.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694649/; classtype:trojan-activity;sid:84557749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694648)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.89.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694648/; classtype:trojan-activity;sid:84557748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694647)"; flow:established,from_client; content:"GET"; http_method; content:"/7b.check|3f|t=sa36zhqq"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"0k.5x7u.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694647/; classtype:trojan-activity;sid:84557747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694646)"; flow:established,from_client; content:"GET"; http_method; content:"/5mjdendju3.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"z83n.0fv1.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694646/; classtype:trojan-activity;sid:84557746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694645)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.123.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694645/; classtype:trojan-activity;sid:84557745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694644)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.54.40.118"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694644/; classtype:trojan-activity;sid:84557744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694643)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.148.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694643/; classtype:trojan-activity;sid:84557743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694642)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.208.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694642/; classtype:trojan-activity;sid:84557742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694641)"; flow:established,from_client; content:"GET"; http_method; content:"/ph46b6so"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"rl.q3lo.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694641/; classtype:trojan-activity;sid:84557741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694639)"; flow:established,from_client; content:"GET"; http_method; content:"/n8w32kbbr3.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v1kpa.0fv1.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694639/; classtype:trojan-activity;sid:84557739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694640)"; flow:established,from_client; content:"GET"; http_method; content:"/e8fc4wa3c5.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"q7dz.432b47.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694640/; classtype:trojan-activity;sid:84557740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694638)"; flow:established,from_client; content:"GET"; http_method; content:"/q45.google|3f|t=r728vx1y"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"rl.q3lo.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694638/; classtype:trojan-activity;sid:84557738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694637)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.203.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694637/; classtype:trojan-activity;sid:84557737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694635)"; flow:established,from_client; content:"GET"; http_method; content:"/hy42dtvxh4.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"q7dz.432b47.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694635/; classtype:trojan-activity;sid:84557735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694636)"; flow:established,from_client; content:"GET"; http_method; content:"/0kmdg1htk7.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v1kpa.0fv1.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694636/; classtype:trojan-activity;sid:84557736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694633)"; flow:established,from_client; content:"GET"; http_method; content:"/zka.google|3f|t=odvjekn8"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"sd.77-6.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694633/; classtype:trojan-activity;sid:84557733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694634)"; flow:established,from_client; content:"GET"; http_method; content:"/p072r7mk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"sd.77-6.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694634/; classtype:trojan-activity;sid:84557734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694632)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.134.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694632/; classtype:trojan-activity;sid:84557732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694631)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.121.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694631/; classtype:trojan-activity;sid:84557731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694630)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.251.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694630/; classtype:trojan-activity;sid:84557730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694629)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.146.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694629/; classtype:trojan-activity;sid:84557729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694628)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.40.118"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694628/; classtype:trojan-activity;sid:84557728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694627)"; flow:established,from_client; content:"GET"; http_method; content:"/shxp61njc6.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"h2pk3.432b47.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694627/; classtype:trojan-activity;sid:84557727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694626)"; flow:established,from_client; content:"GET"; http_method; content:"/ztluw7hz"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ob1.wi7e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694626/; classtype:trojan-activity;sid:84557726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694625)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.14.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694625/; classtype:trojan-activity;sid:84557725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694624)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.25.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694624/; classtype:trojan-activity;sid:84557724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694623)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.57.228"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694623/; classtype:trojan-activity;sid:84557723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694622)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.38.208.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694622/; classtype:trojan-activity;sid:84557722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694621)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.121.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694621/; classtype:trojan-activity;sid:84557721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694620)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.188.89.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694620/; classtype:trojan-activity;sid:84557720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694619)"; flow:established,from_client; content:"GET"; http_method; content:"/0r6f46jtnu.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"q7m2x.0fv1.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694619/; classtype:trojan-activity;sid:84557719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694618)"; flow:established,from_client; content:"GET"; http_method; content:"/wf5.google|3f|t=ccpw4au9"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"ob1.wi7e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694618/; classtype:trojan-activity;sid:84557718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694617)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.218.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694617/; classtype:trojan-activity;sid:84557717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694616)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.208.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694616/; classtype:trojan-activity;sid:84557716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694615)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.246.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694615/; classtype:trojan-activity;sid:84557715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694614)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.4.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694614/; classtype:trojan-activity;sid:84557714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694613)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.125.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694613/; classtype:trojan-activity;sid:84557713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694612)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.23.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694612/; classtype:trojan-activity;sid:84557712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694611)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.167.250.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694611/; classtype:trojan-activity;sid:84557711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694610)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.135.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694610/; classtype:trojan-activity;sid:84557710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694609)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.184.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694609/; classtype:trojan-activity;sid:84557709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694608)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.14.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694608/; classtype:trojan-activity;sid:84557708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694607)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.125.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694607/; classtype:trojan-activity;sid:84557707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694606)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.143.174.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694606/; classtype:trojan-activity;sid:84557706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694605)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.23.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694605/; classtype:trojan-activity;sid:84557705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694604)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.0.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694604/; classtype:trojan-activity;sid:84557704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694603)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.20.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694603/; classtype:trojan-activity;sid:84557703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694601)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.134.163.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694601/; classtype:trojan-activity;sid:84557701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694602)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.157.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694602/; classtype:trojan-activity;sid:84557702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694600)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.31.254.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694600/; classtype:trojan-activity;sid:84557700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694599)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.31.254.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694599/; classtype:trojan-activity;sid:84557699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694598)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.143.174.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694598/; classtype:trojan-activity;sid:84557698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694596)"; flow:established,from_client; content:"GET"; http_method; content:"/ataizu03"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"t7.ru7x.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694596/; classtype:trojan-activity;sid:84557696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694597)"; flow:established,from_client; content:"GET"; http_method; content:"/fbu63z1fad.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"e2kj.ru7x.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694597/; classtype:trojan-activity;sid:84557697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694595)"; flow:established,from_client; content:"GET"; http_method; content:"/fqx986v1ga.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"p8ny.ru7x.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694595/; classtype:trojan-activity;sid:84557695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694594)"; flow:established,from_client; content:"GET"; http_method; content:"/cvygq25d"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"byv.q3lo.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694594/; classtype:trojan-activity;sid:84557694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694593)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.65.96"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694593/; classtype:trojan-activity;sid:84557693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694591)"; flow:established,from_client; content:"GET"; http_method; content:"/1jyyws1oea.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"p8ny.ru7x.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694591/; classtype:trojan-activity;sid:84557691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694592)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.0.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694592/; classtype:trojan-activity;sid:84557692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694590)"; flow:established,from_client; content:"GET"; http_method; content:"/6mnkbj76"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"0ma.77-6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694590/; classtype:trojan-activity;sid:84557690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694589)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.95.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694589/; classtype:trojan-activity;sid:84557689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694588)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.59.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694588/; classtype:trojan-activity;sid:84557688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694587)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.87.98"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694587/; classtype:trojan-activity;sid:84557687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694586)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.146.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694586/; classtype:trojan-activity;sid:84557686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694585)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.157.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694585/; classtype:trojan-activity;sid:84557685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694584)"; flow:established,from_client; content:"GET"; http_method; content:"/f8gmotv6bp.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"h4v7.ru7x.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694584/; classtype:trojan-activity;sid:84557684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694583)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7120586914/luy3d3a.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694583/; classtype:trojan-activity;sid:84557683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694582)"; flow:established,from_client; content:"GET"; http_method; content:"/9dn8b9kp"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ab.wi7e.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694582/; classtype:trojan-activity;sid:84557682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694581)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.73.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694581/; classtype:trojan-activity;sid:84557681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694579)"; flow:established,from_client; content:"GET"; http_method; content:"/6u7emjco"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"3g.m2la.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694579/; classtype:trojan-activity;sid:84557679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694580)"; flow:established,from_client; content:"GET"; http_method; content:"/lmt2z6z0oz.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"h4v7.ru7x.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694580/; classtype:trojan-activity;sid:84557680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694578)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.33.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694578/; classtype:trojan-activity;sid:84557678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694577)"; flow:established,from_client; content:"GET"; http_method; content:"/brq85zdgmr.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"h4v7.ru7x.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694577/; classtype:trojan-activity;sid:84557677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694576)"; flow:established,from_client; content:"GET"; http_method; content:"/rcomtklr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"atd.e-dx.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694576/; classtype:trojan-activity;sid:84557676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694575)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.87.98"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694575/; classtype:trojan-activity;sid:84557675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694574)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.146.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694574/; classtype:trojan-activity;sid:84557674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694573)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.203.147.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694573/; classtype:trojan-activity;sid:84557673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694572)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.139.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694572/; classtype:trojan-activity;sid:84557672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694571)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.247.0.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694571/; classtype:trojan-activity;sid:84557671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694568)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.196.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694568/; classtype:trojan-activity;sid:84557668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694569)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.86.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694569/; classtype:trojan-activity;sid:84557669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694570)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.245.37.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694570/; classtype:trojan-activity;sid:84557670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694567)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.29.39.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694567/; classtype:trojan-activity;sid:84557667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694565)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.16.54.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694565/; classtype:trojan-activity;sid:84557665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694566)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.16.54.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694566/; classtype:trojan-activity;sid:84557666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694564)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.33.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694564/; classtype:trojan-activity;sid:84557664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694563)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.214.74.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694563/; classtype:trojan-activity;sid:84557663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694562)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.91.141.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694562/; classtype:trojan-activity;sid:84557662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694561)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.184.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694561/; classtype:trojan-activity;sid:84557661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694559)"; flow:established,from_client; content:"GET"; http_method; content:"/sjvwqeq4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bg.xa9t.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694559/; classtype:trojan-activity;sid:84557659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694560)"; flow:established,from_client; content:"GET"; http_method; content:"/h5b4pmn9r9.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"m1ct.ru7x.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694560/; classtype:trojan-activity;sid:84557660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694558)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.247.0.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694558/; classtype:trojan-activity;sid:84557658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694557)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.180.77.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694557/; classtype:trojan-activity;sid:84557657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694556)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.214.74.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694556/; classtype:trojan-activity;sid:84557656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694555)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.180.77.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694555/; classtype:trojan-activity;sid:84557655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694554)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.91.141.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694554/; classtype:trojan-activity;sid:84557654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694553)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.184.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694553/; classtype:trojan-activity;sid:84557653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694552)"; flow:established,from_client; content:"GET"; http_method; content:"/cii0m3qj"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"xi.1z57.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694552/; classtype:trojan-activity;sid:84557652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694551)"; flow:established,from_client; content:"GET"; http_method; content:"/dqrh0q6ff6.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"j8wz.xa9t.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694551/; classtype:trojan-activity;sid:84557651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694550)"; flow:established,from_client; content:"GET"; http_method; content:"/hnixu7oz"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ii.1yjp.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694550/; classtype:trojan-activity;sid:84557650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694549)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"89.32.41.109"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694549/; classtype:trojan-activity;sid:84557649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694547)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.1.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694547/; classtype:trojan-activity;sid:84557647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694548)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.32.41.109"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694548/; classtype:trojan-activity;sid:84557648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694546)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.249.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694546/; classtype:trojan-activity;sid:84557646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694545)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.233.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694545/; classtype:trojan-activity;sid:84557645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694544)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.168.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694544/; classtype:trojan-activity;sid:84557644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694543)"; flow:established,from_client; content:"GET"; http_method; content:"/ol6zdhxt89.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"l2hq.xa9t.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694543/; classtype:trojan-activity;sid:84557643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694542)"; flow:established,from_client; content:"GET"; http_method; content:"/ii03qzmh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"sbx.op76.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694542/; classtype:trojan-activity;sid:84557642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694541)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.65.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694541/; classtype:trojan-activity;sid:84557641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694540)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.242.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694540/; classtype:trojan-activity;sid:84557640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694539)"; flow:established,from_client; content:"GET"; http_method; content:"/h4zg25aq1b.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"s4ym.xa9t.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694539/; classtype:trojan-activity;sid:84557639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694538)"; flow:established,from_client; content:"GET"; http_method; content:"/unek0ywm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"xe.y8-8.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694538/; classtype:trojan-activity;sid:84557638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694537)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6065878864/bpmvpqx.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694537/; classtype:trojan-activity;sid:84557637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694536)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.213.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694536/; classtype:trojan-activity;sid:84557636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694533)"; flow:established,from_client; content:"GET"; http_method; content:"/supplysrvsh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"sophos1997.camdvr.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694533/; classtype:trojan-activity;sid:84557633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694534)"; flow:established,from_client; content:"GET"; http_method; content:"/supplysrvarm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"sophos1997.camdvr.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694534/; classtype:trojan-activity;sid:84557634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694535)"; flow:established,from_client; content:"GET"; http_method; content:"/supplysrvmpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"sophos1997.camdvr.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694535/; classtype:trojan-activity;sid:84557635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694527)"; flow:established,from_client; content:"GET"; http_method; content:"/supplysrvx64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"sophos1997.camdvr.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694527/; classtype:trojan-activity;sid:84557627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694528)"; flow:established,from_client; content:"GET"; http_method; content:"/supplysrvm68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"sophos1997.camdvr.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694528/; classtype:trojan-activity;sid:84557628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694529)"; flow:established,from_client; content:"GET"; http_method; content:"/supplysrvspc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"sophos1997.camdvr.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694529/; classtype:trojan-activity;sid:84557629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694530)"; flow:established,from_client; content:"GET"; http_method; content:"/supplysrvx86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"sophos1997.camdvr.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694530/; classtype:trojan-activity;sid:84557630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694531)"; flow:established,from_client; content:"GET"; http_method; content:"/supplysrvarm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"sophos1997.camdvr.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694531/; classtype:trojan-activity;sid:84557631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694532)"; flow:established,from_client; content:"GET"; http_method; content:"/supplysrvppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"sophos1997.camdvr.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694532/; classtype:trojan-activity;sid:84557632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694525)"; flow:established,from_client; content:"GET"; http_method; content:"/supplysrvmips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"sophos1997.camdvr.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694525/; classtype:trojan-activity;sid:84557625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694526)"; flow:established,from_client; content:"GET"; http_method; content:"/supplysrvarm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"sophos1997.camdvr.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694526/; classtype:trojan-activity;sid:84557626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694524)"; flow:established,from_client; content:"GET"; http_method; content:"/supplysrvarm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"sophos1997.camdvr.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694524/; classtype:trojan-activity;sid:84557624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694523)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.0.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694523/; classtype:trojan-activity;sid:84557623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694522)"; flow:established,from_client; content:"GET"; http_method; content:"/jwc9mphnk8.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"s4ym.xa9t.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694522/; classtype:trojan-activity;sid:84557622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694521)"; flow:established,from_client; content:"GET"; http_method; content:"/um3rl1gq"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"vp.5-rt.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694521/; classtype:trojan-activity;sid:84557621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694520)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.16.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694520/; classtype:trojan-activity;sid:84557620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694519)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.233.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694519/; classtype:trojan-activity;sid:84557619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694518)"; flow:established,from_client; content:"GET"; http_method; content:"/kabsalut6p.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"s4ym.xa9t.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694518/; classtype:trojan-activity;sid:84557618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694517)"; flow:established,from_client; content:"GET"; http_method; content:"/qb1pd7cy"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"t5h.da5y.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694517/; classtype:trojan-activity;sid:84557617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694516)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.128.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694516/; classtype:trojan-activity;sid:84557616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694515)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.193.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694515/; classtype:trojan-activity;sid:84557615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694514)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.226.206.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694514/; classtype:trojan-activity;sid:84557614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694513)"; flow:established,from_client; content:"GET"; http_method; content:"/ok"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"sophos1997.camdvr.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694513/; classtype:trojan-activity;sid:84557613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694512)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5851730241/iphmuxs.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694512/; classtype:trojan-activity;sid:84557612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694511)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.168.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694511/; classtype:trojan-activity;sid:84557611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694510)"; flow:established,from_client; content:"GET"; http_method; content:"/pc.google|3f|t=oqp4lng7"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"vef.ve1p.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694510/; classtype:trojan-activity;sid:84557610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694509)"; flow:established,from_client; content:"GET"; http_method; content:"/g8r52v0jlb.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"q7xpa.si9a.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694509/; classtype:trojan-activity;sid:84557609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694508)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7120586914/ns6iumk.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694508/; classtype:trojan-activity;sid:84557608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694507)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.135.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694507/; classtype:trojan-activity;sid:84557607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694506)"; flow:established,from_client; content:"GET"; http_method; content:"/knvbrg643r.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"q7xpa.si9a.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694506/; classtype:trojan-activity;sid:84557606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694505)"; flow:established,from_client; content:"GET"; http_method; content:"/5cu.google|3f|t=lhaiu5vr"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"qa.fe9v.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694505/; classtype:trojan-activity;sid:84557605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694504)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.57.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694504/; classtype:trojan-activity;sid:84557604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694503)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.193.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694503/; classtype:trojan-activity;sid:84557603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694502)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.16.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694502/; classtype:trojan-activity;sid:84557602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694501)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.174.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694501/; classtype:trojan-activity;sid:84557601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694500)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.51.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694500/; classtype:trojan-activity;sid:84557600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694498)"; flow:established,from_client; content:"GET"; http_method; content:"/68.google|3f|t=rgq2hqxs"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"kfy.be3q.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694498/; classtype:trojan-activity;sid:84557598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694499)"; flow:established,from_client; content:"GET"; http_method; content:"/q6y24l4d9f.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m4t9.si9a.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694499/; classtype:trojan-activity;sid:84557599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694497)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.74.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694497/; classtype:trojan-activity;sid:84557597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694496)"; flow:established,from_client; content:"GET"; http_method; content:"/am2uty6h02.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"x5wk.ve1p.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694496/; classtype:trojan-activity;sid:84557596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694495)"; flow:established,from_client; content:"GET"; http_method; content:"/kb125mu1"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"uvd.3-5y.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694495/; classtype:trojan-activity;sid:84557595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694494)"; flow:established,from_client; content:"GET"; http_method; content:"/voyodzy87p.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"b0zq.si9a.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694494/; classtype:trojan-activity;sid:84557594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694493)"; flow:established,from_client; content:"GET"; http_method; content:"/t4t.check|3f|t=dlwdsgha"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"uvd.3-5y.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694493/; classtype:trojan-activity;sid:84557593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694492)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.223.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694492/; classtype:trojan-activity;sid:84557592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694491)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.57.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694491/; classtype:trojan-activity;sid:84557591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694490)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.199.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694490/; classtype:trojan-activity;sid:84557590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694489)"; flow:established,from_client; content:"GET"; http_method; content:"/c867paxa"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"fx.ru7x.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694489/; classtype:trojan-activity;sid:84557589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694488)"; flow:established,from_client; content:"GET"; http_method; content:"/y289cs6se1.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"x5wk.ve1p.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694488/; classtype:trojan-activity;sid:84557588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694487)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.155.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694487/; classtype:trojan-activity;sid:84557587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694486)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.124.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694486/; classtype:trojan-activity;sid:84557586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694484)"; flow:established,from_client; content:"GET"; http_method; content:"/z3y.google|3f|t=lk3o60z6"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"fx.ru7x.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694484/; classtype:trojan-activity;sid:84557584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694485)"; flow:established,from_client; content:"GET"; http_method; content:"/g56s9t95ky.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"w1c8.si9a.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694485/; classtype:trojan-activity;sid:84557585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694482)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.245.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694482/; classtype:trojan-activity;sid:84557582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694483)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.118.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694483/; classtype:trojan-activity;sid:84557583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694480)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.82.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694480/; classtype:trojan-activity;sid:84557580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694481)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.118.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694481/; classtype:trojan-activity;sid:84557581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694479)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.74.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694479/; classtype:trojan-activity;sid:84557579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694478)"; flow:established,from_client; content:"GET"; http_method; content:"/x9b7t39osc.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"w1c8.si9a.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694478/; classtype:trojan-activity;sid:84557578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694477)"; flow:established,from_client; content:"GET"; http_method; content:"/8p4.google|3f|t=krf2uyqp"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"gw3.q3lo.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694477/; classtype:trojan-activity;sid:84557577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694475)"; flow:established,from_client; content:"GET"; http_method; content:"/h6oyrjhe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"gw3.q3lo.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694475/; classtype:trojan-activity;sid:84557575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694476)"; flow:established,from_client; content:"GET"; http_method; content:"/pih3calxdf.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"n6ta.ve1p.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694476/; classtype:trojan-activity;sid:84557576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694474)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.223.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694474/; classtype:trojan-activity;sid:84557574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694473)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.199.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694473/; classtype:trojan-activity;sid:84557573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694472)"; flow:established,from_client; content:"GET"; http_method; content:"/zy6telth"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"jk.77-6.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694472/; classtype:trojan-activity;sid:84557572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694471)"; flow:established,from_client; content:"GET"; http_method; content:"/80l98p2hjo.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"n6ta.ve1p.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3694471/; classtype:trojan-activity;sid:84557571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694470)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.232.173.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694470/; classtype:trojan-activity;sid:84557570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694469)"; flow:established,from_client; content:"GET"; http_method; content:"/7q7195u6fy.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"e3h7n.si9a.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694469/; classtype:trojan-activity;sid:84557569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694468)"; flow:established,from_client; content:"GET"; http_method; content:"/le.google|3f|t=lx2co3ct"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"jk.77-6.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694468/; classtype:trojan-activity;sid:84557568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694467)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.82.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694467/; classtype:trojan-activity;sid:84557567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694466)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.147.195.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694466/; classtype:trojan-activity;sid:84557566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694465)"; flow:established,from_client; content:"GET"; http_method; content:"/tb62jnitc1.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"b3x8.ve1p.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694465/; classtype:trojan-activity;sid:84557565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694464)"; flow:established,from_client; content:"GET"; http_method; content:"/vzd5m53t"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"jqp.wi7e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694464/; classtype:trojan-activity;sid:84557564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694463)"; flow:established,from_client; content:"GET"; http_method; content:"/wewe3.johnsmith"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"37.49.148.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694463/; classtype:trojan-activity;sid:84557563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694462)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.124.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694462/; classtype:trojan-activity;sid:84557562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694460)"; flow:established,from_client; content:"GET"; http_method; content:"/t3l.check|3f|t=wmifiei1"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"jqp.wi7e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694460/; classtype:trojan-activity;sid:84557560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694461)"; flow:established,from_client; content:"GET"; http_method; content:"/q9ftaefy6m.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k9pwa.ha0m.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694461/; classtype:trojan-activity;sid:84557561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694459)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.198.238.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694459/; classtype:trojan-activity;sid:84557559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694458)"; flow:established,from_client; content:"GET"; http_method; content:"/5d0now4u5k.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"f9r2.ve1p.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694458/; classtype:trojan-activity;sid:84557558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694457)"; flow:established,from_client; content:"GET"; http_method; content:"/tndeqqnk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"iso.e-dx.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694457/; classtype:trojan-activity;sid:84557557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694456)"; flow:established,from_client; content:"GET"; http_method; content:"/ogrg74dv42.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k9pwa.ha0m.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694456/; classtype:trojan-activity;sid:84557556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694455)"; flow:established,from_client; content:"GET"; http_method; content:"/0nn.check|3f|t=gpi91r7k"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"iso.e-dx.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694455/; classtype:trojan-activity;sid:84557555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694453)"; flow:established,from_client; content:"GET"; http_method; content:"/ax.google|3f|t=2jfurkcx"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"wzu.ki8n.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694453/; classtype:trojan-activity;sid:84557553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694454)"; flow:established,from_client; content:"GET"; http_method; content:"/3438p75cbg.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t6y3.ha0m.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694454/; classtype:trojan-activity;sid:84557554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694452)"; flow:established,from_client; content:"GET"; http_method; content:"/30.check|3f|t=u1e5co8d"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"xb.t4mo.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694452/; classtype:trojan-activity;sid:84557552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694451)"; flow:established,from_client; content:"GET"; http_method; content:"/6kgrn03r78.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"z0tb.ha0m.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694451/; classtype:trojan-activity;sid:84557551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694450)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.198.238.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694450/; classtype:trojan-activity;sid:84557550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694449)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.239.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694449/; classtype:trojan-activity;sid:84557549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694448)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.248.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694448/; classtype:trojan-activity;sid:84557548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694447)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.212.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694447/; classtype:trojan-activity;sid:84557547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694445)"; flow:established,from_client; content:"GET"; http_method; content:"/lkm.check|3f|t=jra7kudw"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"jq.u-v9.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694445/; classtype:trojan-activity;sid:84557545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694446)"; flow:established,from_client; content:"GET"; http_method; content:"/7v846iuznx.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"z0tb.ha0m.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694446/; classtype:trojan-activity;sid:84557546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694444)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.199.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694444/; classtype:trojan-activity;sid:84557544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694443)"; flow:established,from_client; content:"GET"; http_method; content:"/idgrc4b21a.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"q7je.ve1p.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694443/; classtype:trojan-activity;sid:84557543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694442)"; flow:established,from_client; content:"GET"; http_method; content:"/yoinn0yq"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ent.33b2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694442/; classtype:trojan-activity;sid:84557542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694441)"; flow:established,from_client; content:"GET"; http_method; content:"/eo9zryly7m.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r1m8q.ha0m.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694441/; classtype:trojan-activity;sid:84557541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694440)"; flow:established,from_client; content:"GET"; http_method; content:"/102.check|3f|t=sagm73pb"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ent.33b2.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694440/; classtype:trojan-activity;sid:84557540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694439)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7559408112/8rsl970.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694439/; classtype:trojan-activity;sid:84557539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694437)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.210.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694437/; classtype:trojan-activity;sid:84557537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694438)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.199.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694438/; classtype:trojan-activity;sid:84557538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694436)"; flow:established,from_client; content:"GET"; http_method; content:"/d8hgmesyhd.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r1m8q.ha0m.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694436/; classtype:trojan-activity;sid:84557536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694435)"; flow:established,from_client; content:"GET"; http_method; content:"/qw.google|3f|t=moftw1zr"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"9ht.xa9t.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694435/; classtype:trojan-activity;sid:84557535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694434)"; flow:established,from_client; content:"GET"; http_method; content:"/b191567669.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"c5n3.m2la.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694434/; classtype:trojan-activity;sid:84557534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694433)"; flow:established,from_client; content:"GET"; http_method; content:"/24c1boti"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"9ht.xa9t.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694433/; classtype:trojan-activity;sid:84557533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694432)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.93.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694432/; classtype:trojan-activity;sid:84557532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694431)"; flow:established,from_client; content:"GET"; http_method; content:"/30z8yb8u"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"lj.zo6r.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694431/; classtype:trojan-activity;sid:84557531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694430)"; flow:established,from_client; content:"GET"; http_method; content:"/x7jf7nyvsp.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"c5n3.m2la.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694430/; classtype:trojan-activity;sid:84557530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694429)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.182.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694429/; classtype:trojan-activity;sid:84557529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694428)"; flow:established,from_client; content:"GET"; http_method; content:"/8ae29w0tns.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2k7.ha0m.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694428/; classtype:trojan-activity;sid:84557528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694427)"; flow:established,from_client; content:"GET"; http_method; content:"/y0.check|3f|t=4ngjz2go"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"lj.zo6r.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694427/; classtype:trojan-activity;sid:84557527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694426)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.210.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694426/; classtype:trojan-activity;sid:84557526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694425)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.239.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694425/; classtype:trojan-activity;sid:84557525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694424)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.188.80.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694424/; classtype:trojan-activity;sid:84557524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694423)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.230.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694423/; classtype:trojan-activity;sid:84557523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694422)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.209.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694422/; classtype:trojan-activity;sid:84557522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694420)"; flow:established,from_client; content:"GET"; http_method; content:"/6ly73boy"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"x7m.op76.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694420/; classtype:trojan-activity;sid:84557520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694421)"; flow:established,from_client; content:"GET"; http_method; content:"/9pl678fzua.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"p6dv.m2la.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694421/; classtype:trojan-activity;sid:84557521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694418)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.178.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694418/; classtype:trojan-activity;sid:84557518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694419)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.58.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694419/; classtype:trojan-activity;sid:84557519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694417)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.182.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694417/; classtype:trojan-activity;sid:84557517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694416)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.29.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694416/; classtype:trojan-activity;sid:84557516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694415)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.227.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694415/; classtype:trojan-activity;sid:84557515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694414)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.126.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694414/; classtype:trojan-activity;sid:84557514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694413)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.226.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694413/; classtype:trojan-activity;sid:84557513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694412)"; flow:established,from_client; content:"GET"; http_method; content:"/w457qqrn8o.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"z1wb.m2la.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694412/; classtype:trojan-activity;sid:84557512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694411)"; flow:established,from_client; content:"GET"; http_method; content:"/awxj3nr9"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"53.y8-8.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694411/; classtype:trojan-activity;sid:84557511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694410)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.178.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694410/; classtype:trojan-activity;sid:84557510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694409)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.203.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694409/; classtype:trojan-activity;sid:84557509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694408)"; flow:established,from_client; content:"GET"; http_method; content:"/okxxkj2dmr.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"z1wb.m2la.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694408/; classtype:trojan-activity;sid:84557508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694407)"; flow:established,from_client; content:"GET"; http_method; content:"/4fcli0c9"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"vc.5-rt.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694407/; classtype:trojan-activity;sid:84557507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694406)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.97.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694406/; classtype:trojan-activity;sid:84557506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694405)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.39.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694405/; classtype:trojan-activity;sid:84557505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694404)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.226.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694404/; classtype:trojan-activity;sid:84557504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694403)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.243.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694403/; classtype:trojan-activity;sid:84557503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694402)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.188.89.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694402/; classtype:trojan-activity;sid:84557502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694401)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.84.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694401/; classtype:trojan-activity;sid:84557501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694397)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.1.226.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694397/; classtype:trojan-activity;sid:84557497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694398)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.152.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694398/; classtype:trojan-activity;sid:84557498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694399)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.130.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694399/; classtype:trojan-activity;sid:84557499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694400)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.226.206.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694400/; classtype:trojan-activity;sid:84557500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694396)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.155.2.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694396/; classtype:trojan-activity;sid:84557496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694395)"; flow:established,from_client; content:"GET"; http_method; content:"/vnwdmpt4hr.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"t3xq.m2la.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694395/; classtype:trojan-activity;sid:84557495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694394)"; flow:established,from_client; content:"GET"; http_method; content:"/ahbimwkc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ivs.da5y.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694394/; classtype:trojan-activity;sid:84557494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694393)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.123.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694393/; classtype:trojan-activity;sid:84557493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694392)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.126.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694392/; classtype:trojan-activity;sid:84557492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694391)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.170.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694391/; classtype:trojan-activity;sid:84557491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694390)"; flow:established,from_client; content:"GET"; http_method; content:"/5iziqx3c9y.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"e9rm2.9-88.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694390/; classtype:trojan-activity;sid:84557490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694389)"; flow:established,from_client; content:"GET"; http_method; content:"/2nmqwzjo"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ph.18yk.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694389/; classtype:trojan-activity;sid:84557489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694388)"; flow:established,from_client; content:"GET"; http_method; content:"/mfu.google|3f|t=n5sl6z0y"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"ph.18yk.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694388/; classtype:trojan-activity;sid:84557488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694387)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.148.19.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694387/; classtype:trojan-activity;sid:84557487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694386)"; flow:established,from_client; content:"GET"; http_method; content:"/db3pjbpw32.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"a8vd.no4s.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694386/; classtype:trojan-activity;sid:84557486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694385)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.39.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694385/; classtype:trojan-activity;sid:84557485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694384)"; flow:established,from_client; content:"GET"; http_method; content:"/od3thft4av.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"e9rm2.9-88.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694384/; classtype:trojan-activity;sid:84557484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694383)"; flow:established,from_client; content:"GET"; http_method; content:"/5ll5lum0"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"de7.fe9v.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694383/; classtype:trojan-activity;sid:84557483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694382)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.61.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694382/; classtype:trojan-activity;sid:84557482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694381)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.123.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694381/; classtype:trojan-activity;sid:84557481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694380)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.243.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694380/; classtype:trojan-activity;sid:84557480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694379)"; flow:established,from_client; content:"GET"; http_method; content:"/n5z5q7hu6h.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"n3qla.no4s.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694379/; classtype:trojan-activity;sid:84557479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694378)"; flow:established,from_client; content:"GET"; http_method; content:"/4z.google|3f|t=j7mhabqu"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"kzg.be3q.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694378/; classtype:trojan-activity;sid:84557478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694377)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.152.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694377/; classtype:trojan-activity;sid:84557477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694376)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1781548144/uctjx9b.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694376/; classtype:trojan-activity;sid:84557476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694375)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.170.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694375/; classtype:trojan-activity;sid:84557475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694374)"; flow:established,from_client; content:"GET"; http_method; content:"/faf5uo0jxz.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"n3qla.no4s.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694374/; classtype:trojan-activity;sid:84557474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694373)"; flow:established,from_client; content:"GET"; http_method; content:"/b5.google|3f|t=bn0zr2ku"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"a3.3-5y.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694373/; classtype:trojan-activity;sid:84557473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694372)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.133.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694372/; classtype:trojan-activity;sid:84557472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694368)"; flow:established,from_client; content:"GET"; http_method; content:"/z4p3fgp2"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91u.ru7x.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694368/; classtype:trojan-activity;sid:84557468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694369)"; flow:established,from_client; content:"GET"; http_method; content:"/b1gff9lcjb.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"g5t9.no4s.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694369/; classtype:trojan-activity;sid:84557469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694370)"; flow:established,from_client; content:"GET"; http_method; content:"/h5l.google|3f|t=s9m8d2nc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"91u.ru7x.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694370/; classtype:trojan-activity;sid:84557470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694371)"; flow:established,from_client; content:"GET"; http_method; content:"/a9tqaw6wsk.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u4j9.9-88.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694371/; classtype:trojan-activity;sid:84557471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694367)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.61.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694367/; classtype:trojan-activity;sid:84557467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694366)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.48.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694366/; classtype:trojan-activity;sid:84557466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694365)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.246.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694365/; classtype:trojan-activity;sid:84557465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694364)"; flow:established,from_client; content:"GET"; http_method; content:"/ylo5vhy62z.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"g5t9.no4s.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694364/; classtype:trojan-activity;sid:84557464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694363)"; flow:established,from_client; content:"GET"; http_method; content:"/q45.google|3f|t=dlw808kz"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"rl1.q3lo.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694363/; classtype:trojan-activity;sid:84557463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694362)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.189.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694362/; classtype:trojan-activity;sid:84557462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694361)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.152.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694361/; classtype:trojan-activity;sid:84557461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694360)"; flow:established,from_client; content:"GET"; http_method; content:"/48llb339do.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u4j9.9-88.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694360/; classtype:trojan-activity;sid:84557460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694359)"; flow:established,from_client; content:"GET"; http_method; content:"/ymhcdeb4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"10f.77-6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694359/; classtype:trojan-activity;sid:84557459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694358)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.70.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694358/; classtype:trojan-activity;sid:84557458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694356)"; flow:established,from_client; content:"GET"; http_method; content:"/zka.google|3f|t=4sdm88ni"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"10f.77-6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694356/; classtype:trojan-activity;sid:84557456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694357)"; flow:established,from_client; content:"GET"; http_method; content:"/8zv69q54uv.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"y0s3n.no4s.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694357/; classtype:trojan-activity;sid:84557457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694355)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.196.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694355/; classtype:trojan-activity;sid:84557455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694354)"; flow:established,from_client; content:"GET"; http_method; content:"/pbhikcofi9.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"y0s3n.no4s.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694354/; classtype:trojan-activity;sid:84557454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694353)"; flow:established,from_client; content:"GET"; http_method; content:"/wf5.google|3f|t=wrgczup2"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"obi.wi7e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694353/; classtype:trojan-activity;sid:84557453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694352)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.90.236.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694352/; classtype:trojan-activity;sid:84557452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694351)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.90.236.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694351/; classtype:trojan-activity;sid:84557451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694350)"; flow:established,from_client; content:"GET"; http_method; content:"/udg0hkilp9.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"a7ny.9-88.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694350/; classtype:trojan-activity;sid:84557450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694349)"; flow:established,from_client; content:"GET"; http_method; content:"/6ft2k0tt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"obi.wi7e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694349/; classtype:trojan-activity;sid:84557449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694348)"; flow:established,from_client; content:"GET"; http_method; content:"/hk0/codes.rar"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.dosyaupload.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694348/; classtype:trojan-activity;sid:84557448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694347)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.189.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694347/; classtype:trojan-activity;sid:84557447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694346)"; flow:established,from_client; content:"GET"; http_method; content:"/xlf8zunmcl.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"k2hf.9-88.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694346/; classtype:trojan-activity;sid:84557446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694345)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.13.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694345/; classtype:trojan-activity;sid:84557445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694344)"; flow:established,from_client; content:"GET"; http_method; content:"/g946qsag"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"oz.m2la.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694344/; classtype:trojan-activity;sid:84557444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694343)"; flow:established,from_client; content:"GET"; http_method; content:"/lfp.google|3f|t=nerrmdtq"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"oz.m2la.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694343/; classtype:trojan-activity;sid:84557443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694342)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.52.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694342/; classtype:trojan-activity;sid:84557442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694341)"; flow:established,from_client; content:"GET"; http_method; content:"/qz0dpb5i7o.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"h2w8.no4s.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694341/; classtype:trojan-activity;sid:84557441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694340)"; flow:established,from_client; content:"GET"; http_method; content:"/xr2.google|3f|t=i18pa5bl"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"80n.e-dx.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694340/; classtype:trojan-activity;sid:84557440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694339)"; flow:established,from_client; content:"GET"; http_method; content:"/ldo2as0ezv.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"p3kqa.q3lo.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694339/; classtype:trojan-activity;sid:84557439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694338)"; flow:established,from_client; content:"GET"; http_method; content:"/lwr.google|3f|t=3vdmzsyc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"gd.ki8n.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694338/; classtype:trojan-activity;sid:84557438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694337)"; flow:established,from_client; content:"GET"; http_method; content:"/cwbgsc0njc.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"u4r9.q3lo.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694337/; classtype:trojan-activity;sid:84557437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694336)"; flow:established,from_client; content:"GET"; http_method; content:"/5x.google|3f|t=sw9hlqqz"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"a9.t4mo.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694336/; classtype:trojan-activity;sid:84557436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694335)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.52.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694335/; classtype:trojan-activity;sid:84557435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694334)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.179.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694334/; classtype:trojan-activity;sid:84557434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694332)"; flow:established,from_client; content:"GET"; http_method; content:"/um.google|3f|t=1lo6t0an"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"1n.33b2.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694332/; classtype:trojan-activity;sid:84557432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694333)"; flow:established,from_client; content:"GET"; http_method; content:"/cd6tk20sss.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"d7m0.q3lo.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694333/; classtype:trojan-activity;sid:84557433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694331)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.29.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694331/; classtype:trojan-activity;sid:84557431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694330)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.243.140.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694330/; classtype:trojan-activity;sid:84557430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694329)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.110.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694329/; classtype:trojan-activity;sid:84557429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694327)"; flow:established,from_client; content:"GET"; http_method; content:"/hc.google|3f|t=3con356u"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"dd.zo6r.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694327/; classtype:trojan-activity;sid:84557427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694328)"; flow:established,from_client; content:"GET"; http_method; content:"/vc478hztdl.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"x1zpn.q3lo.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694328/; classtype:trojan-activity;sid:84557428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694326)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.238.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694326/; classtype:trojan-activity;sid:84557426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694325)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.70.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694325/; classtype:trojan-activity;sid:84557425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694323)"; flow:established,from_client; content:"GET"; http_method; content:"/m91qm291"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"dd.zo6r.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694323/; classtype:trojan-activity;sid:84557423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694324)"; flow:established,from_client; content:"GET"; http_method; content:"/vh8beoa0sj.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"g5zx.9-88.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694324/; classtype:trojan-activity;sid:84557424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694322)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.94.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694322/; classtype:trojan-activity;sid:84557422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694321)"; flow:established,from_client; content:"GET"; http_method; content:"/fk76yesxcq.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"x1zpn.q3lo.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694321/; classtype:trojan-activity;sid:84557421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694320)"; flow:established,from_client; content:"GET"; http_method; content:"/kc.check|3f|t=itv0xb9m"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"u7.1z57.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694320/; classtype:trojan-activity;sid:84557420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694319)"; flow:established,from_client; content:"GET"; http_method; content:"/dybu7aoqay.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"g5zx.9-88.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694319/; classtype:trojan-activity;sid:84557419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694318)"; flow:established,from_client; content:"GET"; http_method; content:"/rd93ptde"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"u7.1z57.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694318/; classtype:trojan-activity;sid:84557418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694317)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.29.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694317/; classtype:trojan-activity;sid:84557417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694316)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.243.140.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694316/; classtype:trojan-activity;sid:84557416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694314)"; flow:established,from_client; content:"GET"; http_method; content:"/2fb0jjim"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"nf.1yjp.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694314/; classtype:trojan-activity;sid:84557414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694315)"; flow:established,from_client; content:"GET"; http_method; content:"/9n0neyajoc.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"y3kx.j935.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694315/; classtype:trojan-activity;sid:84557415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694313)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"14.225.20.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694313/; classtype:trojan-activity;sid:84557413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694304)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.225.20.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694304/; classtype:trojan-activity;sid:84557404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694305)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"14.225.20.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694305/; classtype:trojan-activity;sid:84557405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694306)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.225.20.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694306/; classtype:trojan-activity;sid:84557406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694307)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.225.20.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694307/; classtype:trojan-activity;sid:84557407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694308)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.225.20.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694308/; classtype:trojan-activity;sid:84557408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694309)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.225.20.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694309/; classtype:trojan-activity;sid:84557409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694310)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.225.20.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694310/; classtype:trojan-activity;sid:84557410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694311)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"14.225.20.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694311/; classtype:trojan-activity;sid:84557411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694312)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"14.225.20.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694312/; classtype:trojan-activity;sid:84557412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694300)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.225.20.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694300/; classtype:trojan-activity;sid:84557400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694301)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.225.20.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694301/; classtype:trojan-activity;sid:84557401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694302)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"14.225.20.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694302/; classtype:trojan-activity;sid:84557402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694303)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.225.20.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694303/; classtype:trojan-activity;sid:84557403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694299)"; flow:established,from_client; content:"GET"; http_method; content:"/akkb64mp7a.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c8v2.q3lo.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694299/; classtype:trojan-activity;sid:84557399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694298)"; flow:established,from_client; content:"GET"; http_method; content:"/pf.google|3f|t=7lru03bs"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"nf.1yjp.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694298/; classtype:trojan-activity;sid:84557398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694297)"; flow:established,from_client; content:"GET"; http_method; content:"/k8pz81tokk.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"y3kx.j935.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694297/; classtype:trojan-activity;sid:84557397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694296)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.238.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694296/; classtype:trojan-activity;sid:84557396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694295)"; flow:established,from_client; content:"GET"; http_method; content:"/zhmimok0"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"8b.op76.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694295/; classtype:trojan-activity;sid:84557395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694294)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.83.38"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694294/; classtype:trojan-activity;sid:84557394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694293)"; flow:established,from_client; content:"GET"; http_method; content:"/3c2ttr771x.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c8v2.q3lo.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694293/; classtype:trojan-activity;sid:84557393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694292)"; flow:established,from_client; content:"GET"; http_method; content:"/wq.check|3f|t=bfzsg2du"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"8b.op76.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694292/; classtype:trojan-activity;sid:84557392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694291)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.179.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694291/; classtype:trojan-activity;sid:84557391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694290)"; flow:established,from_client; content:"GET"; http_method; content:"/hk93bsozr6.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"y3kx.j935.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694290/; classtype:trojan-activity;sid:84557390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694289)"; flow:established,from_client; content:"GET"; http_method; content:"/vbhkzedk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"8b.op76.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694289/; classtype:trojan-activity;sid:84557389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694288)"; flow:established,from_client; content:"GET"; http_method; content:"/vcnpra9ipv.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c8v2.q3lo.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694288/; classtype:trojan-activity;sid:84557388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694287)"; flow:established,from_client; content:"GET"; http_method; content:"/du.check|3f|t=k1c7uvev"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"a0.crju.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694287/; classtype:trojan-activity;sid:84557387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694286)"; flow:established,from_client; content:"GET"; http_method; content:"/kg2tk7fqna.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"w1v9.j935.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694286/; classtype:trojan-activity;sid:84557386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694285)"; flow:established,from_client; content:"GET"; http_method; content:"/ouk0sz1a"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"a0.crju.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694285/; classtype:trojan-activity;sid:84557385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694284)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.193.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694284/; classtype:trojan-activity;sid:84557384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694283)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.94.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694283/; classtype:trojan-activity;sid:84557383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694282)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.239.237.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694282/; classtype:trojan-activity;sid:84557382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694281)"; flow:established,from_client; content:"GET"; http_method; content:"/fvybfws3ba.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r5yd.b6je.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694281/; classtype:trojan-activity;sid:84557381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694280)"; flow:established,from_client; content:"GET"; http_method; content:"/2g.check|3f|t=7gyzqsvw"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"xo.y8-8.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694280/; classtype:trojan-activity;sid:84557380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694279)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5638395652/xaqw9xu.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694279/; classtype:trojan-activity;sid:84557379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694277)"; flow:established,from_client; content:"GET"; http_method; content:"/zbr378h1s3.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"w1v9.j935.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694277/; classtype:trojan-activity;sid:84557377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694278)"; flow:established,from_client; content:"GET"; http_method; content:"/vjfg4ko4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"xo.y8-8.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694278/; classtype:trojan-activity;sid:84557378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694276)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.209.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694276/; classtype:trojan-activity;sid:84557376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694275)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.84.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694275/; classtype:trojan-activity;sid:84557375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694274)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.53.196.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694274/; classtype:trojan-activity;sid:84557374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694273)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.127.71.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694273/; classtype:trojan-activity;sid:84557373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694272)"; flow:established,from_client; content:"GET"; http_method; content:"/la.check|3f|t=n4liutx3"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"bz.5-rt.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694272/; classtype:trojan-activity;sid:84557372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694271)"; flow:established,from_client; content:"GET"; http_method; content:"/9fc59pjb19.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r5yd.b6je.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694271/; classtype:trojan-activity;sid:84557371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694270)"; flow:established,from_client; content:"GET"; http_method; content:"/y7.check|3f|t=z5vex341"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"d4.da5y.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694270/; classtype:trojan-activity;sid:84557370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694269)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.80.8"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694269/; classtype:trojan-activity;sid:84557369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694268)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.236.112.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694268/; classtype:trojan-activity;sid:84557368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694267)"; flow:established,from_client; content:"GET"; http_method; content:"/r9yhyb4od7.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m9qla.b6je.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694267/; classtype:trojan-activity;sid:84557367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694266)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.37.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694266/; classtype:trojan-activity;sid:84557366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694265)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.193.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694265/; classtype:trojan-activity;sid:84557365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694264)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.110.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694264/; classtype:trojan-activity;sid:84557364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694263)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.237.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694263/; classtype:trojan-activity;sid:84557363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694262)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.127.71.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694262/; classtype:trojan-activity;sid:84557362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694261)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"89.35.130.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694261/; classtype:trojan-activity;sid:84557361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694260)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"89.35.130.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694260/; classtype:trojan-activity;sid:84557360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694259)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"89.35.130.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694259/; classtype:trojan-activity;sid:84557359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694258)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"89.35.130.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694258/; classtype:trojan-activity;sid:84557358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694251)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"89.35.130.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694251/; classtype:trojan-activity;sid:84557351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694252)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"89.35.130.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694252/; classtype:trojan-activity;sid:84557352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694253)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"89.35.130.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694253/; classtype:trojan-activity;sid:84557353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694254)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"89.35.130.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694254/; classtype:trojan-activity;sid:84557354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694255)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86_64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"89.35.130.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694255/; classtype:trojan-activity;sid:84557355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694256)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"89.35.130.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694256/; classtype:trojan-activity;sid:84557356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694257)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"89.35.130.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694257/; classtype:trojan-activity;sid:84557357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694250)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.226.208.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694250/; classtype:trojan-activity;sid:84557350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694249)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.37.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694249/; classtype:trojan-activity;sid:84557349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694248)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.226.208.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694248/; classtype:trojan-activity;sid:84557348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694246)"; flow:established,from_client; content:"GET"; http_method; content:"/0sk.google|3f|t=ivv4blp7"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"j68.ve1p.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694246/; classtype:trojan-activity;sid:84557346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694247)"; flow:established,from_client; content:"GET"; http_method; content:"/5vnrqpo6cr.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m9qla.b6je.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694247/; classtype:trojan-activity;sid:84557347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694245)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.84.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694245/; classtype:trojan-activity;sid:84557345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694244)"; flow:established,from_client; content:"GET"; http_method; content:"/5exhjz02u4.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m9qla.b6je.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694244/; classtype:trojan-activity;sid:84557344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694243)"; flow:established,from_client; content:"GET"; http_method; content:"/qb.check|3f|t=yl3m9109"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"iq.18yk.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694243/; classtype:trojan-activity;sid:84557343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694242)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.209.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694242/; classtype:trojan-activity;sid:84557342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694241)"; flow:established,from_client; content:"GET"; http_method; content:"/lim3nt0n4u.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"b4tr.j935.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694241/; classtype:trojan-activity;sid:84557341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694240)"; flow:established,from_client; content:"GET"; http_method; content:"/i6swbney"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"iq.18yk.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694240/; classtype:trojan-activity;sid:84557340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694239)"; flow:established,from_client; content:"GET"; http_method; content:"/lqysz6skdq.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"b4tr.j935.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694239/; classtype:trojan-activity;sid:84557339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694238)"; flow:established,from_client; content:"GET"; http_method; content:"/d4y2jzlt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"iq.18yk.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694238/; classtype:trojan-activity;sid:84557338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694237)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.34.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694237/; classtype:trojan-activity;sid:84557337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694236)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.80.8"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694236/; classtype:trojan-activity;sid:84557336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694235)"; flow:established,from_client; content:"GET"; http_method; content:"/f3.google|3f|t=nxdeg4rz"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ki.fe9v.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694235/; classtype:trojan-activity;sid:84557335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694234)"; flow:established,from_client; content:"GET"; http_method; content:"/1btgnyrnes.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t0k3.b6je.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694234/; classtype:trojan-activity;sid:84557334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694233)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.158.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694233/; classtype:trojan-activity;sid:84557333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694232)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.124.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694232/; classtype:trojan-activity;sid:84557332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694231)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.106.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694231/; classtype:trojan-activity;sid:84557331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694230)"; flow:established,from_client; content:"GET"; http_method; content:"/x78xi1v287.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t0k3.b6je.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694230/; classtype:trojan-activity;sid:84557330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694229)"; flow:established,from_client; content:"GET"; http_method; content:"/v8l.google|3f|t=uya7ffv3"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"cjq.be3q.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694229/; classtype:trojan-activity;sid:84557329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694228)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.7.120.142"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694228/; classtype:trojan-activity;sid:84557328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694227)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.79.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694227/; classtype:trojan-activity;sid:84557327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694226)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.237.47.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694226/; classtype:trojan-activity;sid:84557326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694224)"; flow:established,from_client; content:"GET"; http_method; content:"/vw0.check|3f|t=e25z51rz"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"gg6.3-5y.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694224/; classtype:trojan-activity;sid:84557324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694225)"; flow:established,from_client; content:"GET"; http_method; content:"/sygsm54mxi.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"z6n4.b6je.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694225/; classtype:trojan-activity;sid:84557325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694223)"; flow:established,from_client; content:"GET"; http_method; content:"/d5itsxj2"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"dqb.ru7x.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694223/; classtype:trojan-activity;sid:84557323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694222)"; flow:established,from_client; content:"GET"; http_method; content:"/00u6pxfqze.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"d6qa.j935.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694222/; classtype:trojan-activity;sid:84557322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694221)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.249.164.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694221/; classtype:trojan-activity;sid:84557321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694220)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.158.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694220/; classtype:trojan-activity;sid:84557320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694219)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.66.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694219/; classtype:trojan-activity;sid:84557319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694218)"; flow:established,from_client; content:"GET"; http_method; content:"/uc.check|3f|t=u2cihzn1"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"dqb.ru7x.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694218/; classtype:trojan-activity;sid:84557318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694217)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6608710704/91dnbcl.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694217/; classtype:trojan-activity;sid:84557317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694216)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.201.126.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694216/; classtype:trojan-activity;sid:84557316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694215)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.144.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694215/; classtype:trojan-activity;sid:84557315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694214)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.79.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694214/; classtype:trojan-activity;sid:84557314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694213)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.106.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694213/; classtype:trojan-activity;sid:84557313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694212)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.7.120.142"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694212/; classtype:trojan-activity;sid:84557312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694209)"; flow:established,from_client; content:"GET"; http_method; content:"/j3v91v7rur.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"j1p7q.b6je.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694209/; classtype:trojan-activity;sid:84557309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694208)"; flow:established,from_client; content:"GET"; http_method; content:"/f3z.check|3f|t=ndr9usc7"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"rw.q3lo.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694208/; classtype:trojan-activity;sid:84557308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694207)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.249.164.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694207/; classtype:trojan-activity;sid:84557307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694206)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.52.5.63"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694206/; classtype:trojan-activity;sid:84557306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694205)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.71.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694205/; classtype:trojan-activity;sid:84557305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694204)"; flow:established,from_client; content:"GET"; http_method; content:"/tw.check|3f|t=potddwd3"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"fs.77-6.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694204/; classtype:trojan-activity;sid:84557304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694203)"; flow:established,from_client; content:"GET"; http_method; content:"/4s5zl5uwr6.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"b3x9.h-3t.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694203/; classtype:trojan-activity;sid:84557303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694202)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.66.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694202/; classtype:trojan-activity;sid:84557302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694201)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.201.126.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694201/; classtype:trojan-activity;sid:84557301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694200)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.144.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694200/; classtype:trojan-activity;sid:84557300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694199)"; flow:established,from_client; content:"GET"; http_method; content:"/phanduikee.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"e9tva.h-3t.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694199/; classtype:trojan-activity;sid:84557299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694198)"; flow:established,from_client; content:"GET"; http_method; content:"/wsd.google|3f|t=zfsw63tq"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"m9p.wi7e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694198/; classtype:trojan-activity;sid:84557298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694197)"; flow:established,from_client; content:"GET"; http_method; content:"/o793kajihh.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"j5aw9.9r3s.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694197/; classtype:trojan-activity;sid:84557297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694196)"; flow:established,from_client; content:"GET"; http_method; content:"/fep6bob5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"m9p.wi7e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694196/; classtype:trojan-activity;sid:84557296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694195)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.182.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694195/; classtype:trojan-activity;sid:84557295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694194)"; flow:established,from_client; content:"GET"; http_method; content:"/vq6o6hzwi6.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"j5aw9.9r3s.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694194/; classtype:trojan-activity;sid:84557294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694191)"; flow:established,from_client; content:"GET"; http_method; content:"/yvov78gh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"6a.m2la.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694191/; classtype:trojan-activity;sid:84557291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694192)"; flow:established,from_client; content:"GET"; http_method; content:"/4o.check|3f|t=nl93hefp"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"6a.m2la.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694192/; classtype:trojan-activity;sid:84557292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694193)"; flow:established,from_client; content:"GET"; http_method; content:"/y6p7uo1ifb.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"e9tva.h-3t.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694193/; classtype:trojan-activity;sid:84557293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694190)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.148.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694190/; classtype:trojan-activity;sid:84557290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694189)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.94.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694189/; classtype:trojan-activity;sid:84557289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694188)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.63.177"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694188/; classtype:trojan-activity;sid:84557288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694187)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.236.220.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694187/; classtype:trojan-activity;sid:84557287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694186)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8072548658/zjiafpz.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694186/; classtype:trojan-activity;sid:84557286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694185)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.126.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694185/; classtype:trojan-activity;sid:84557285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694184)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.91.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694184/; classtype:trojan-activity;sid:84557284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694183)"; flow:established,from_client; content:"GET"; http_method; content:"/gsja8y7ecv.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"w7r0.h-3t.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694183/; classtype:trojan-activity;sid:84557283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694181)"; flow:established,from_client; content:"GET"; http_method; content:"/u3z41190"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ng.e-dx.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694181/; classtype:trojan-activity;sid:84557281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694182)"; flow:established,from_client; content:"GET"; http_method; content:"/5x2r8n1zka.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"j5aw9.9r3s.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694182/; classtype:trojan-activity;sid:84557282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694180)"; flow:established,from_client; content:"GET"; http_method; content:"/azg.check|3f|t=j08j6ltt"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ng.e-dx.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694180/; classtype:trojan-activity;sid:84557280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694179)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.181.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694179/; classtype:trojan-activity;sid:84557279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694178)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.236.220.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694178/; classtype:trojan-activity;sid:84557278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694177)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.182.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694177/; classtype:trojan-activity;sid:84557277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694176)"; flow:established,from_client; content:"GET"; http_method; content:"/yea.google|3f|t=xsl7xmzi"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"2on.ki8n.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694176/; classtype:trojan-activity;sid:84557276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694175)"; flow:established,from_client; content:"GET"; http_method; content:"/49ybzm9mg8.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"w7r0.h-3t.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694175/; classtype:trojan-activity;sid:84557275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694174)"; flow:established,from_client; content:"GET"; http_method; content:"/r5807bm5d9.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"h3l8.9r3s.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694174/; classtype:trojan-activity;sid:84557274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694173)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.254.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694173/; classtype:trojan-activity;sid:84557273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694172)"; flow:established,from_client; content:"GET"; http_method; content:"/nv3q13uf"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"2on.ki8n.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694172/; classtype:trojan-activity;sid:84557272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694171)"; flow:established,from_client; content:"GET"; http_method; content:"/4v3.google|3f|t=pypp7pwi"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"y1.t4mo.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694171/; classtype:trojan-activity;sid:84557271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694170)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.115.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694170/; classtype:trojan-activity;sid:84557270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694169)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.238.116.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694169/; classtype:trojan-activity;sid:84557269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694168)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.42.26.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694168/; classtype:trojan-activity;sid:84557268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694164)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.31.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694164/; classtype:trojan-activity;sid:84557264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694165)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.72.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694165/; classtype:trojan-activity;sid:84557265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694166)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.95.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694166/; classtype:trojan-activity;sid:84557266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694167)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.250.9.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694167/; classtype:trojan-activity;sid:84557267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694161)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86_64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"193.111.248.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694161/; classtype:trojan-activity;sid:84557261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694162)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"193.111.248.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694162/; classtype:trojan-activity;sid:84557262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694163)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbins/boatnet.x86"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"212.68.34.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694163/; classtype:trojan-activity;sid:84557263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694160)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.155.2.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694160/; classtype:trojan-activity;sid:84557260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694159)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.252.159.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694159/; classtype:trojan-activity;sid:84557259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694158)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.7.139"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694158/; classtype:trojan-activity;sid:84557258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694157)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"193.111.248.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694157/; classtype:trojan-activity;sid:84557257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694156)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.69.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694156/; classtype:trojan-activity;sid:84557256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694155)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.63.177"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694155/; classtype:trojan-activity;sid:84557255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694154)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.94.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694154/; classtype:trojan-activity;sid:84557254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694153)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.126.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694153/; classtype:trojan-activity;sid:84557253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694151)"; flow:established,from_client; content:"GET"; http_method; content:"/fq9sakw5q5.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"n0fp.9r3s.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694151/; classtype:trojan-activity;sid:84557251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694152)"; flow:established,from_client; content:"GET"; http_method; content:"/d/boss25617"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"217.119.139.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694152/; classtype:trojan-activity;sid:84557252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694150)"; flow:established,from_client; content:"GET"; http_method; content:"/9g3c4sd3"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"tc.u-v9.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694150/; classtype:trojan-activity;sid:84557250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694149)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6202691699/xk5p9kv.ps1"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694149/; classtype:trojan-activity;sid:84557249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694148)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mips"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694148/; classtype:trojan-activity;sid:84557248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694146)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.ppc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694146/; classtype:trojan-activity;sid:84557246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694147)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm6"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694147/; classtype:trojan-activity;sid:84557247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694145)"; flow:established,from_client; content:"GET"; http_method; content:"/apps.bin"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"get7.icingpeach.digital"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694145/; classtype:trojan-activity;sid:84557245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694144)"; flow:established,from_client; content:"GET"; http_method; content:"/apps.bin"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"up17.tarotbag.digital"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694144/; classtype:trojan-activity;sid:84557244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694141)"; flow:established,from_client; content:"GET"; http_method; content:"/apps.bin"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"un6.headedshaky.digital"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694141/; classtype:trojan-activity;sid:84557241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694142)"; flow:established,from_client; content:"GET"; http_method; content:"/apps.bin"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"58463.headedshaky.digital"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694142/; classtype:trojan-activity;sid:84557242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694143)"; flow:established,from_client; content:"GET"; http_method; content:"/apps.bin"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"jhuiy3.icingpeach.digital"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694143/; classtype:trojan-activity;sid:84557243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694139)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm5"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694139/; classtype:trojan-activity;sid:84557239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694140)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694140/; classtype:trojan-activity;sid:84557240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694131)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.sh4"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694131/; classtype:trojan-activity;sid:84557231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694132)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.i686"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694132/; classtype:trojan-activity;sid:84557232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694133)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694133/; classtype:trojan-activity;sid:84557233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694134)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm7"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694134/; classtype:trojan-activity;sid:84557234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694135)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86_64"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694135/; classtype:trojan-activity;sid:84557235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694136)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.m68k"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694136/; classtype:trojan-activity;sid:84557236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694137)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694137/; classtype:trojan-activity;sid:84557237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694138)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mpsl"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694138/; classtype:trojan-activity;sid:84557238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694129)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.sparc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694129/; classtype:trojan-activity;sid:84557229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694130)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mips64"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694130/; classtype:trojan-activity;sid:84557230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694128)"; flow:established,from_client; content:"GET"; http_method; content:"/q2c3jsdxpv.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"n0fp.9r3s.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694128/; classtype:trojan-activity;sid:84557228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694127)"; flow:established,from_client; content:"GET"; http_method; content:"/0vyv6nuz"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"py.33b2.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694127/; classtype:trojan-activity;sid:84557227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694126)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.188.210.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694126/; classtype:trojan-activity;sid:84557226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694125)"; flow:established,from_client; content:"GET"; http_method; content:"/u4swcv510a.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"s2q1n.h-3t.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694125/; classtype:trojan-activity;sid:84557225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694124)"; flow:established,from_client; content:"GET"; http_method; content:"/ae.google|3f|t=g6jf98eq"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"py.33b2.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694124/; classtype:trojan-activity;sid:84557224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694123)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.69.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694123/; classtype:trojan-activity;sid:84557223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694122)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.2.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694122/; classtype:trojan-activity;sid:84557222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694121)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.218.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694121/; classtype:trojan-activity;sid:84557221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694120)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.254.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694120/; classtype:trojan-activity;sid:84557220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694119)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.48.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694119/; classtype:trojan-activity;sid:84557219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694118)"; flow:established,from_client; content:"GET"; http_method; content:"/ayqs6wjpec.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k4m8.h-3t.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694118/; classtype:trojan-activity;sid:84557218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694117)"; flow:established,from_client; content:"GET"; http_method; content:"/db.google|3f|t=ibbno1y5"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"qb.xa9t.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694117/; classtype:trojan-activity;sid:84557217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694116)"; flow:established,from_client; content:"GET"; http_method; content:"/yaljjpkpez.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"r4yq.9r3s.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694116/; classtype:trojan-activity;sid:84557216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694115)"; flow:established,from_client; content:"GET"; http_method; content:"/lzsw39d3"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"qb.xa9t.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694115/; classtype:trojan-activity;sid:84557215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694114)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.188.210.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694114/; classtype:trojan-activity;sid:84557214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694113)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.192.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694113/; classtype:trojan-activity;sid:84557213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694112)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.162.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694112/; classtype:trojan-activity;sid:84557212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694110)"; flow:established,from_client; content:"GET"; http_method; content:"/dj.google|3f|t=6oiq1n32"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"2iw.zo6r.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694110/; classtype:trojan-activity;sid:84557210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694111)"; flow:established,from_client; content:"GET"; http_method; content:"/ve4pdgjw1c.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"n6tr.139z.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694111/; classtype:trojan-activity;sid:84557211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694109)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.2.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694109/; classtype:trojan-activity;sid:84557209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694108)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.218.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694108/; classtype:trojan-activity;sid:84557208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694107)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.48.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694107/; classtype:trojan-activity;sid:84557207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694106)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.161.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694106/; classtype:trojan-activity;sid:84557206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694105)"; flow:established,from_client; content:"GET"; http_method; content:"/q20r9we87e.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"g0sqa.139z.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694105/; classtype:trojan-activity;sid:84557205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694104)"; flow:established,from_client; content:"GET"; http_method; content:"/9x.check|3f|t=u9brwl48"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"17.1z57.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694104/; classtype:trojan-activity;sid:84557204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694103)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.162.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694103/; classtype:trojan-activity;sid:84557203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694101)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6065878864/rtvfrvv.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694101/; classtype:trojan-activity;sid:84557201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694102)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.230.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694102/; classtype:trojan-activity;sid:84557202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694100)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.10.88.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694100/; classtype:trojan-activity;sid:84557200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694099)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.206.74.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694099/; classtype:trojan-activity;sid:84557199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694098)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.85.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694098/; classtype:trojan-activity;sid:84557198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694097)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.22.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694097/; classtype:trojan-activity;sid:84557197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694096)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.150.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694096/; classtype:trojan-activity;sid:84557196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694095)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.188.80.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694095/; classtype:trojan-activity;sid:84557195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694094)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.161.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694094/; classtype:trojan-activity;sid:84557194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694092)"; flow:established,from_client; content:"GET"; http_method; content:"/4vesxp8n"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"0n.crju.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694092/; classtype:trojan-activity;sid:84557192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694093)"; flow:established,from_client; content:"GET"; http_method; content:"/fbfm0f3kdg.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"q1me4.yw9a.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694093/; classtype:trojan-activity;sid:84557193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694091)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.41.213.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694091/; classtype:trojan-activity;sid:84557191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694090)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.64.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694090/; classtype:trojan-activity;sid:84557190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694089)"; flow:established,from_client; content:"GET"; http_method; content:"/6agnfww8yg.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"q1me4.yw9a.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694089/; classtype:trojan-activity;sid:84557189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694088)"; flow:established,from_client; content:"GET"; http_method; content:"/n7k0ocln"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"nn.y8-8.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694088/; classtype:trojan-activity;sid:84557188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694087)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.22.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694087/; classtype:trojan-activity;sid:84557187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694086)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.103.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694086/; classtype:trojan-activity;sid:84557186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694085)"; flow:established,from_client; content:"GET"; http_method; content:"/zq2ixsv7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"amo.5-rt.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694085/; classtype:trojan-activity;sid:84557185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694084)"; flow:established,from_client; content:"GET"; http_method; content:"/7fonfuu0s8.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"v3d7.yw9a.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694084/; classtype:trojan-activity;sid:84557184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694083)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.207.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694083/; classtype:trojan-activity;sid:84557183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694082)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.64.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694082/; classtype:trojan-activity;sid:84557182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694081)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.18.80.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694081/; classtype:trojan-activity;sid:84557181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694080)"; flow:established,from_client; content:"GET"; http_method; content:"/a8n24bwrb1.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"p9kr.yw9a.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694080/; classtype:trojan-activity;sid:84557180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694079)"; flow:established,from_client; content:"GET"; http_method; content:"/2w8mqm4g"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"s1l.ve1p.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694079/; classtype:trojan-activity;sid:84557179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694077)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.123.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694077/; classtype:trojan-activity;sid:84557177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694078)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.103.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694078/; classtype:trojan-activity;sid:84557178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694075)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.151.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694075/; classtype:trojan-activity;sid:84557175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694076)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.122.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694076/; classtype:trojan-activity;sid:84557176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694074)"; flow:established,from_client; content:"GET"; http_method; content:"/aqgkjqtup2.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"f2x8m.yw9a.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694074/; classtype:trojan-activity;sid:84557174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694073)"; flow:established,from_client; content:"GET"; http_method; content:"/g5gcfmli"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"lz.fe9v.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694073/; classtype:trojan-activity;sid:84557173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694072)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.86.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694072/; classtype:trojan-activity;sid:84557172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694071)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.239.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694071/; classtype:trojan-activity;sid:84557171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694070)"; flow:established,from_client; content:"GET"; http_method; content:"/9pms8lo5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"20.3-5y.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694070/; classtype:trojan-activity;sid:84557170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694069)"; flow:established,from_client; content:"GET"; http_method; content:"/2vd5zw1lv5.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"p3q.6x-3z.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694069/; classtype:trojan-activity;sid:84557169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694068)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.144.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694068/; classtype:trojan-activity;sid:84557168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694067)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.122.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694067/; classtype:trojan-activity;sid:84557167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694066)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.148.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694066/; classtype:trojan-activity;sid:84557166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694065)"; flow:established,from_client; content:"GET"; http_method; content:"/fnym6wqj4u.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"k7v1.6x-3z.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694065/; classtype:trojan-activity;sid:84557165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694064)"; flow:established,from_client; content:"GET"; http_method; content:"/jpkfd7y9"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"c0.ru7x.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694064/; classtype:trojan-activity;sid:84557164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694063)"; flow:established,from_client; content:"GET"; http_method; content:"/lu0s3qfe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"2x7.q3lo.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694063/; classtype:trojan-activity;sid:84557163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694062)"; flow:established,from_client; content:"GET"; http_method; content:"/jqcfd4jzg6.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"k7v1.6x-3z.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694062/; classtype:trojan-activity;sid:84557162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694060)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.3.251"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694060/; classtype:trojan-activity;sid:84557160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694061)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.194.165.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694061/; classtype:trojan-activity;sid:84557161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694059)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.81.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694059/; classtype:trojan-activity;sid:84557159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694058)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.203.49.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694058/; classtype:trojan-activity;sid:84557158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694057)"; flow:established,from_client; content:"GET"; http_method; content:"/i2mcc1tc5t.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u0b9.6x-3z.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694057/; classtype:trojan-activity;sid:84557157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694056)"; flow:established,from_client; content:"GET"; http_method; content:"/q6ulcy4f"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"pf4.77-6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694056/; classtype:trojan-activity;sid:84557156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694055)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.215.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694055/; classtype:trojan-activity;sid:84557155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694054)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.144.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694054/; classtype:trojan-activity;sid:84557154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694052)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.97.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694052/; classtype:trojan-activity;sid:84557152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694053)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.62.170.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694053/; classtype:trojan-activity;sid:84557153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694051)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.101.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694051/; classtype:trojan-activity;sid:84557151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694050)"; flow:established,from_client; content:"GET"; http_method; content:"/5pz0tsxjlg.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"g4m.6x-3z.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694050/; classtype:trojan-activity;sid:84557150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694049)"; flow:established,from_client; content:"GET"; http_method; content:"/vtaqq6k6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"4p2.wi7e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694049/; classtype:trojan-activity;sid:84557149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694048)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.180.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694048/; classtype:trojan-activity;sid:84557148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694047)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.49.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694047/; classtype:trojan-activity;sid:84557147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694046)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.146.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694046/; classtype:trojan-activity;sid:84557146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694045)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.163.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694045/; classtype:trojan-activity;sid:84557145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694044)"; flow:established,from_client; content:"GET"; http_method; content:"/uajh6haomv.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"y9bm.139z.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694044/; classtype:trojan-activity;sid:84557144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694043)"; flow:established,from_client; content:"GET"; http_method; content:"/qj.check|3f|t=s3z71364"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"9yg.m2la.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694043/; classtype:trojan-activity;sid:84557143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694042)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.115.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694042/; classtype:trojan-activity;sid:84557142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694040)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"196.251.115.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694040/; classtype:trojan-activity;sid:84557140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694041)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"196.251.115.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694041/; classtype:trojan-activity;sid:84557141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694038)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"196.251.115.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694038/; classtype:trojan-activity;sid:84557138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694039)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.115.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694039/; classtype:trojan-activity;sid:84557139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694035)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.115.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694035/; classtype:trojan-activity;sid:84557135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694036)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.115.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694036/; classtype:trojan-activity;sid:84557136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694037)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"196.251.115.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694037/; classtype:trojan-activity;sid:84557137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694033)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.115.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694033/; classtype:trojan-activity;sid:84557133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694034)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.115.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694034/; classtype:trojan-activity;sid:84557134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694031)"; flow:established,from_client; content:"GET"; http_method; content:"/i7.check|3f|t=5875h69u"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"u1.e-dx.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694031/; classtype:trojan-activity;sid:84557131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694032)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.8.210"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694032/; classtype:trojan-activity;sid:84557132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694030)"; flow:established,from_client; content:"GET"; http_method; content:"/myew6h5z4f.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"a3vnt.139z.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694030/; classtype:trojan-activity;sid:84557130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694029)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.249.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694029/; classtype:trojan-activity;sid:84557129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694028)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.170.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694028/; classtype:trojan-activity;sid:84557128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694027)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.203.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694027/; classtype:trojan-activity;sid:84557127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694026)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.101.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694026/; classtype:trojan-activity;sid:84557126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694025)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.215.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694025/; classtype:trojan-activity;sid:84557125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694024)"; flow:established,from_client; content:"GET"; http_method; content:"/1rny0rioyq.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pzk6.139z.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694024/; classtype:trojan-activity;sid:84557124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694023)"; flow:established,from_client; content:"GET"; http_method; content:"/5v.google|3f|t=unq26qwa"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"xc.ki8n.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694023/; classtype:trojan-activity;sid:84557123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694022)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.3.251"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694022/; classtype:trojan-activity;sid:84557122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694021)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.75.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694021/; classtype:trojan-activity;sid:84557121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694020)"; flow:established,from_client; content:"GET"; http_method; content:"/eom8u24ij4.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"n.k-8ip.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694020/; classtype:trojan-activity;sid:84557120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694019)"; flow:established,from_client; content:"GET"; http_method; content:"/vysk8aip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"7t.t4mo.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694019/; classtype:trojan-activity;sid:84557119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694018)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.203.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694018/; classtype:trojan-activity;sid:84557118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694017)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.163.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694017/; classtype:trojan-activity;sid:84557117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694016)"; flow:established,from_client; content:"GET"; http_method; content:"/c5w1d1sami.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"c0z7.k-8ip.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694016/; classtype:trojan-activity;sid:84557116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694015)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.226.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694015/; classtype:trojan-activity;sid:84557115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694014)"; flow:established,from_client; content:"GET"; http_method; content:"/qn746vcu"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"8v.u-v9.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694014/; classtype:trojan-activity;sid:84557114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694012)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.108.20.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694012/; classtype:trojan-activity;sid:84557112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694013)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.51.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694013/; classtype:trojan-activity;sid:84557113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694011)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.14.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694011/; classtype:trojan-activity;sid:84557111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694010)"; flow:established,from_client; content:"GET"; http_method; content:"/9dxs92e6uj.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"h4qpn.v4-z.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694010/; classtype:trojan-activity;sid:84557110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694009)"; flow:established,from_client; content:"GET"; http_method; content:"/r7z.check|3f|t=7vkdpxe2"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"wy.33b2.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694009/; classtype:trojan-activity;sid:84557109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694008)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.80.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694008/; classtype:trojan-activity;sid:84557108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694007)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.117.250.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694007/; classtype:trojan-activity;sid:84557107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694006)"; flow:established,from_client; content:"GET"; http_method; content:"/czgrj6sljf.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"h4qpn.v4-z.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694006/; classtype:trojan-activity;sid:84557106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694005)"; flow:established,from_client; content:"GET"; http_method; content:"/45s.google|3f|t=4y7mjl1w"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"sw.xa9t.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694005/; classtype:trojan-activity;sid:84557105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694004)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.75.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694004/; classtype:trojan-activity;sid:84557104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694003)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5917492177/dqxmvaf.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694003/; classtype:trojan-activity;sid:84557103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694002)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.108.20.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694002/; classtype:trojan-activity;sid:84557102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694001)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.163.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694001/; classtype:trojan-activity;sid:84557101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3694000)"; flow:established,from_client; content:"GET"; http_method; content:"/tl3aculs8z.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"s1.k-8ip.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3694000/; classtype:trojan-activity;sid:84557100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693999)"; flow:established,from_client; content:"GET"; http_method; content:"/ly7uzulxwy.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c9la.v4-z.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693999/; classtype:trojan-activity;sid:84557099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693997)"; flow:established,from_client; content:"GET"; http_method; content:"/g2j9nvd2"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"gle.zo6r.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693997/; classtype:trojan-activity;sid:84557097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693998)"; flow:established,from_client; content:"GET"; http_method; content:"/frn.check|3f|t=km3neve4"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"gle.zo6r.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693998/; classtype:trojan-activity;sid:84557098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693996)"; flow:established,from_client; content:"GET"; http_method; content:"/2j.check|3f|t=7j7wb9i6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"7c7.1z57.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693996/; classtype:trojan-activity;sid:84557096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693995)"; flow:established,from_client; content:"GET"; http_method; content:"/g0xpqbyvzx.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c9la.v4-z.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693995/; classtype:trojan-activity;sid:84557095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693994)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.250.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693994/; classtype:trojan-activity;sid:84557094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693993)"; flow:established,from_client; content:"GET"; http_method; content:"/8ju9poonvd.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c9la.v4-z.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693993/; classtype:trojan-activity;sid:84557093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693992)"; flow:established,from_client; content:"GET"; http_method; content:"/hz.google|3f|t=7dzcfntz"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"8s.1yjp.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693992/; classtype:trojan-activity;sid:84557092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693991)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.36.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693991/; classtype:trojan-activity;sid:84557091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693990)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.80.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693990/; classtype:trojan-activity;sid:84557090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693988)"; flow:established,from_client; content:"GET"; http_method; content:"/81.check|3f|t=tlhm57eb"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"tp.op76.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693988/; classtype:trojan-activity;sid:84557088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693989)"; flow:established,from_client; content:"GET"; http_method; content:"/s62u98gcwv.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m5we2.v4-z.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693989/; classtype:trojan-activity;sid:84557089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693987)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.0.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693987/; classtype:trojan-activity;sid:84557087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693986)"; flow:established,from_client; content:"GET"; http_method; content:"/q2fp85xvtu.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"h0w4.98g-bj.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693986/; classtype:trojan-activity;sid:84557086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693985)"; flow:established,from_client; content:"GET"; http_method; content:"/3iz.google|3f|t=eh8py1mj"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"60.crju.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693985/; classtype:trojan-activity;sid:84557085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693984)"; flow:established,from_client; content:"GET"; http_method; content:"/pfr367jj"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"60.crju.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693984/; classtype:trojan-activity;sid:84557084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693983)"; flow:established,from_client; content:"GET"; http_method; content:"/axu7a2mg6z.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"q.tgmop.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693983/; classtype:trojan-activity;sid:84557083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693982)"; flow:established,from_client; content:"GET"; http_method; content:"/bw.check|3f|t=24h2h7qw"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"dl.y8-8.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693982/; classtype:trojan-activity;sid:84557082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693981)"; flow:established,from_client; content:"GET"; http_method; content:"/65zi79u8vj.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"h0w4.98g-bj.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693981/; classtype:trojan-activity;sid:84557081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693980)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.36.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693980/; classtype:trojan-activity;sid:84557080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693979)"; flow:established,from_client; content:"GET"; http_method; content:"/xobi.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693979/; classtype:trojan-activity;sid:84557079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693978)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.5.100"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693978/; classtype:trojan-activity;sid:84557078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693977)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"151.235.201.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693977/; classtype:trojan-activity;sid:84557077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693966)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"134.209.42.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693966/; classtype:trojan-activity;sid:84557066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693967)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86_64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"134.209.42.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693967/; classtype:trojan-activity;sid:84557067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693968)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.236.149.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693968/; classtype:trojan-activity;sid:84557068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693969)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"134.209.42.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693969/; classtype:trojan-activity;sid:84557069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693970)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"134.209.42.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693970/; classtype:trojan-activity;sid:84557070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693971)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"134.209.42.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693971/; classtype:trojan-activity;sid:84557071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693972)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"134.209.42.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693972/; classtype:trojan-activity;sid:84557072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693973)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"134.209.42.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693973/; classtype:trojan-activity;sid:84557073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693974)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"134.209.42.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693974/; classtype:trojan-activity;sid:84557074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693975)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"134.209.42.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693975/; classtype:trojan-activity;sid:84557075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693976)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.149.76.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693976/; classtype:trojan-activity;sid:84557076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693965)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.1.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693965/; classtype:trojan-activity;sid:84557065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693964)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.70.252.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693964/; classtype:trojan-activity;sid:84557064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693963)"; flow:established,from_client; content:"GET"; http_method; content:"/m3z7xitw11.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"k2w0.tgmop.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693963/; classtype:trojan-activity;sid:84557063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693962)"; flow:established,from_client; content:"GET"; http_method; content:"/9mtcn6ma8v.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"g2x7m.98g-bj.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693962/; classtype:trojan-activity;sid:84557062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693960)"; flow:established,from_client; content:"GET"; http_method; content:"/xyvlymst"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"2fr.5-rt.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693960/; classtype:trojan-activity;sid:84557060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693961)"; flow:established,from_client; content:"GET"; http_method; content:"/ns8.google|3f|t=ozyt7wmw"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"2fr.5-rt.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693961/; classtype:trojan-activity;sid:84557061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693959)"; flow:established,from_client; content:"GET"; http_method; content:"/d7l73wnt4a.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"k2w0.tgmop.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693959/; classtype:trojan-activity;sid:84557059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693956)"; flow:established,from_client; content:"GET"; http_method; content:"/di417c9m"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bo.da5y.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693956/; classtype:trojan-activity;sid:84557056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693957)"; flow:established,from_client; content:"GET"; http_method; content:"/y6i.google|3f|t=fiypvwtk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"bo.da5y.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693957/; classtype:trojan-activity;sid:84557057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693958)"; flow:established,from_client; content:"GET"; http_method; content:"/ifm4q96ek7.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"g2x7m.98g-bj.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693958/; classtype:trojan-activity;sid:84557058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693955)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.61.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693955/; classtype:trojan-activity;sid:84557055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693954)"; flow:established,from_client; content:"GET"; http_method; content:"/hgymkkabe3.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"a3z.tgmop.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693954/; classtype:trojan-activity;sid:84557054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693953)"; flow:established,from_client; content:"GET"; http_method; content:"/d0f72ou0"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"mde.ve1p.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693953/; classtype:trojan-activity;sid:84557053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693951)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693951/; classtype:trojan-activity;sid:84557051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693952)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.104.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693952/; classtype:trojan-activity;sid:84557052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693950)"; flow:established,from_client; content:"GET"; http_method; content:"/funyvu65of.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"n5rqa.98g-bj.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693950/; classtype:trojan-activity;sid:84557050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693949)"; flow:established,from_client; content:"GET"; http_method; content:"/wyc.check|3f|t=qrrtihgx"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"mde.ve1p.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693949/; classtype:trojan-activity;sid:84557049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693948)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.5.100"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693948/; classtype:trojan-activity;sid:84557048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693947)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.61.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693947/; classtype:trojan-activity;sid:84557047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693946)"; flow:established,from_client; content:"GET"; http_method; content:"/9hc19lcsqu.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"n5rqa.98g-bj.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693946/; classtype:trojan-activity;sid:84557046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693945)"; flow:established,from_client; content:"GET"; http_method; content:"/ut6.check|3f|t=nsahyesp"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"sh.18yk.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693945/; classtype:trojan-activity;sid:84557045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693944)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.187.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693944/; classtype:trojan-activity;sid:84557044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693943)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.125.51.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693943/; classtype:trojan-activity;sid:84557043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693942)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"193.111.248.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693942/; classtype:trojan-activity;sid:84557042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693941)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"193.111.248.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693941/; classtype:trojan-activity;sid:84557041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693939)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"193.111.248.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693939/; classtype:trojan-activity;sid:84557039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693940)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"193.111.248.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693940/; classtype:trojan-activity;sid:84557040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693933)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"193.111.248.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693933/; classtype:trojan-activity;sid:84557033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693934)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"193.111.248.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693934/; classtype:trojan-activity;sid:84557034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693935)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"193.111.248.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693935/; classtype:trojan-activity;sid:84557035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693936)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"193.111.248.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693936/; classtype:trojan-activity;sid:84557036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693937)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"193.111.248.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693937/; classtype:trojan-activity;sid:84557037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693938)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"193.111.248.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693938/; classtype:trojan-activity;sid:84557038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693932)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.231.51.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693932/; classtype:trojan-activity;sid:84557032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693931)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.239.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693931/; classtype:trojan-activity;sid:84557031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693930)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.137.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693930/; classtype:trojan-activity;sid:84557030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693929)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.61.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693929/; classtype:trojan-activity;sid:84557029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693927)"; flow:established,from_client; content:"GET"; http_method; content:"/t76.google|3f|t=mcp2dmkw"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"6n.3-5y.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693927/; classtype:trojan-activity;sid:84557027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693928)"; flow:established,from_client; content:"GET"; http_method; content:"/0hwix7yr86.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"y9t3.98g-bj.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693928/; classtype:trojan-activity;sid:84557028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693926)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.231.51.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693926/; classtype:trojan-activity;sid:84557026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693925)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.242.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693925/; classtype:trojan-activity;sid:84557025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693924)"; flow:established,from_client; content:"GET"; http_method; content:"/88v.check|3f|t=i8zkrz33"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"b0.ru7x.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693924/; classtype:trojan-activity;sid:84557024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693923)"; flow:established,from_client; content:"GET"; http_method; content:"/qgzfb7os44.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"y9t3.98g-bj.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693923/; classtype:trojan-activity;sid:84557023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693922)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.15.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693922/; classtype:trojan-activity;sid:84557022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693920)"; flow:established,from_client; content:"GET"; http_method; content:"/wu.google|3f|t=y5z0pc3i"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"b3m.q3lo.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693920/; classtype:trojan-activity;sid:84557020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693921)"; flow:established,from_client; content:"GET"; http_method; content:"/hu0tcdzvrb.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c1pze.98g-bj.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693921/; classtype:trojan-activity;sid:84557021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693919)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.61.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693919/; classtype:trojan-activity;sid:84557019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693918)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.164.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693918/; classtype:trojan-activity;sid:84557018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693917)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.125.51.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693917/; classtype:trojan-activity;sid:84557017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693916)"; flow:established,from_client; content:"GET"; http_method; content:"/8sf1ismmkr.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"m4n.89atr.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693916/; classtype:trojan-activity;sid:84557016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693915)"; flow:established,from_client; content:"GET"; http_method; content:"/qh4le3ku"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"jjl.77-6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693915/; classtype:trojan-activity;sid:84557015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693914)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.234.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693914/; classtype:trojan-activity;sid:84557014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693913)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.173.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693913/; classtype:trojan-activity;sid:84557013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693912)"; flow:established,from_client; content:"GET"; http_method; content:"/i0z5muxz37.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"m4n.89atr.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693912/; classtype:trojan-activity;sid:84557012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693911)"; flow:established,from_client; content:"GET"; http_method; content:"/ev5oe4sj"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"m5n.wi7e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693911/; classtype:trojan-activity;sid:84557011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693910)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.34.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693910/; classtype:trojan-activity;sid:84557010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693909)"; flow:established,from_client; content:"GET"; http_method; content:"/8vg6h4prhq.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c1pze.98g-bj.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693909/; classtype:trojan-activity;sid:84557009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693908)"; flow:established,from_client; content:"GET"; http_method; content:"/m7c.check|3f|t=ybe29pg9"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"m5n.wi7e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693908/; classtype:trojan-activity;sid:84557008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693907)"; flow:established,from_client; content:"GET"; http_method; content:"/tr5r536l1w.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"zq1.89atr.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693907/; classtype:trojan-activity;sid:84557007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693906)"; flow:established,from_client; content:"GET"; http_method; content:"/w22djit1"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"t0.m2la.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693906/; classtype:trojan-activity;sid:84557006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693905)"; flow:established,from_client; content:"GET"; http_method; content:"/9hg965l9t8.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m4ny.p0k61h.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693905/; classtype:trojan-activity;sid:84557005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693904)"; flow:established,from_client; content:"GET"; http_method; content:"/45.check|3f|t=novjb1kf"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"t0.m2la.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693904/; classtype:trojan-activity;sid:84557004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693903)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.60.214.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693903/; classtype:trojan-activity;sid:84557003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693902)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.164.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693902/; classtype:trojan-activity;sid:84557002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693901)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.173.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693901/; classtype:trojan-activity;sid:84557001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693900)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.196.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693900/; classtype:trojan-activity;sid:84557000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693899)"; flow:established,from_client; content:"GET"; http_method; content:"/71dopaksjy.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t5bx0.p0k61h.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693899/; classtype:trojan-activity;sid:84556999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693898)"; flow:established,from_client; content:"GET"; http_method; content:"/60v.google|3f|t=mrz95b99"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"v0s.ki8n.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693898/; classtype:trojan-activity;sid:84556998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693897)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.236.67.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693897/; classtype:trojan-activity;sid:84556997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693896)"; flow:established,from_client; content:"GET"; http_method; content:"/pu3dz5su1d.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"p6.89atr.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693896/; classtype:trojan-activity;sid:84556996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693895)"; flow:established,from_client; content:"GET"; http_method; content:"/xot6gs7o"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"v7.t4mo.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693895/; classtype:trojan-activity;sid:84556995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693894)"; flow:established,from_client; content:"GET"; http_method; content:"/c6mh3pqynl.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"z8r1d.p0k61h.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693894/; classtype:trojan-activity;sid:84556994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693893)"; flow:established,from_client; content:"GET"; http_method; content:"/ab.google|3f|t=mpdby5cr"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"v7.t4mo.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693893/; classtype:trojan-activity;sid:84556993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693892)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.189.141.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693892/; classtype:trojan-activity;sid:84556992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693891)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.6.57.98"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693891/; classtype:trojan-activity;sid:84556991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693890)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.65.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693890/; classtype:trojan-activity;sid:84556990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693889)"; flow:established,from_client; content:"GET"; http_method; content:"/j1bm5emp"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"3ch.u-v9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693889/; classtype:trojan-activity;sid:84556989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693888)"; flow:established,from_client; content:"GET"; http_method; content:"/czpm9w737v.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"h2k.4-4gy.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693888/; classtype:trojan-activity;sid:84556988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693886)"; flow:established,from_client; content:"GET"; http_method; content:"/veb.google|3f|t=d2urg3ze"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"3ch.u-v9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693886/; classtype:trojan-activity;sid:84556986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693887)"; flow:established,from_client; content:"GET"; http_method; content:"/w0nkvgf9kp.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2k9.p0k61h.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693887/; classtype:trojan-activity;sid:84556987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693885)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.220.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693885/; classtype:trojan-activity;sid:84556985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693884)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.226.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693884/; classtype:trojan-activity;sid:84556984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693883)"; flow:established,from_client; content:"GET"; http_method; content:"/2pl5gy4j2n.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v2k9.p0k61h.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693883/; classtype:trojan-activity;sid:84556983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693882)"; flow:established,from_client; content:"GET"; http_method; content:"/1n.check|3f|t=gheg84lp"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"dn.33b2.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693882/; classtype:trojan-activity;sid:84556982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693881)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"168.195.7.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693881/; classtype:trojan-activity;sid:84556981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693880)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.67.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693880/; classtype:trojan-activity;sid:84556980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693879)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.53.32.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693879/; classtype:trojan-activity;sid:84556979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693878)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.12.229.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693878/; classtype:trojan-activity;sid:84556978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693877)"; flow:established,from_client; content:"GET"; http_method; content:"/i5z0mcc08i.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"q7m3a.p0k61h.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693877/; classtype:trojan-activity;sid:84556977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693876)"; flow:established,from_client; content:"GET"; http_method; content:"/it1.check|3f|t=yh4hmqs3"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"1kl.xa9t.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693876/; classtype:trojan-activity;sid:84556976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693875)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.115.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693875/; classtype:trojan-activity;sid:84556975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693874)"; flow:established,from_client; content:"GET"; http_method; content:"/t0z06kd69k.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"q7m3a.p0k61h.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693874/; classtype:trojan-activity;sid:84556974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693873)"; flow:established,from_client; content:"GET"; http_method; content:"/1c.google|3f|t=ud31pzge"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"uq.zo6r.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693873/; classtype:trojan-activity;sid:84556973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693872)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.15.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693872/; classtype:trojan-activity;sid:84556972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693871)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.226.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693871/; classtype:trojan-activity;sid:84556971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693870)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.220.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693870/; classtype:trojan-activity;sid:84556970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693868)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.62.188.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693868/; classtype:trojan-activity;sid:84556968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693869)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.116.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693869/; classtype:trojan-activity;sid:84556969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693867)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.88.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693867/; classtype:trojan-activity;sid:84556967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693866)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.207.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693866/; classtype:trojan-activity;sid:84556966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693865)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.164.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693865/; classtype:trojan-activity;sid:84556965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693864)"; flow:established,from_client; content:"GET"; http_method; content:"/6agni9xxm0.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t0y6.op-76.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693864/; classtype:trojan-activity;sid:84556964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693863)"; flow:established,from_client; content:"GET"; http_method; content:"/h5.check|3f|t=6aksc6ww"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ak.1yjp.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693863/; classtype:trojan-activity;sid:84556963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693862)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.188.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693862/; classtype:trojan-activity;sid:84556962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693861)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.53.32.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693861/; classtype:trojan-activity;sid:84556961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693860)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.81.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693860/; classtype:trojan-activity;sid:84556960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693859)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.115.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693859/; classtype:trojan-activity;sid:84556959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693858)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.80.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693858/; classtype:trojan-activity;sid:84556958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693857)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.41.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693857/; classtype:trojan-activity;sid:84556957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693856)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.116.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693856/; classtype:trojan-activity;sid:84556956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693855)"; flow:established,from_client; content:"GET"; http_method; content:"/iite8k4uqo.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t0y6.op-76.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693855/; classtype:trojan-activity;sid:84556955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693854)"; flow:established,from_client; content:"GET"; http_method; content:"/ujy.check|3f|t=yaxeo0rb"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ttz.op76.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693854/; classtype:trojan-activity;sid:84556954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693853)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.12.229.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693853/; classtype:trojan-activity;sid:84556953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693852)"; flow:established,from_client; content:"GET"; http_method; content:"/9zvhjj6cjo.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"e9n4k.op-76.online"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693852/; classtype:trojan-activity;sid:84556952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693851)"; flow:established,from_client; content:"GET"; http_method; content:"/fzj.google|3f|t=2g0jiwes"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"qh.crju.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693851/; classtype:trojan-activity;sid:84556951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693850)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.88.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693850/; classtype:trojan-activity;sid:84556950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693849)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"138.204.196.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693849/; classtype:trojan-activity;sid:84556949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693848)"; flow:established,from_client; content:"GET"; http_method; content:"/5sm.check|3f|t=vxi42eht"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"v2q.y8-8.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693848/; classtype:trojan-activity;sid:84556948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693847)"; flow:established,from_client; content:"GET"; http_method; content:"/5qxn8erjur.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"e9n4k.op-76.online"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693847/; classtype:trojan-activity;sid:84556947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693846)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.115.229.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693846/; classtype:trojan-activity;sid:84556946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693845)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.80.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693845/; classtype:trojan-activity;sid:84556945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693844)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.41.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693844/; classtype:trojan-activity;sid:84556944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693843)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.161.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693843/; classtype:trojan-activity;sid:84556943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693842)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.239.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693842/; classtype:trojan-activity;sid:84556942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693841)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.115.229.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693841/; classtype:trojan-activity;sid:84556941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693840)"; flow:established,from_client; content:"GET"; http_method; content:"/35ird0pesm.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m2q8.op-76.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693840/; classtype:trojan-activity;sid:84556940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693839)"; flow:established,from_client; content:"GET"; http_method; content:"/ff6.google|3f|t=vlhkxuh7"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"q2.5-rt.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693839/; classtype:trojan-activity;sid:84556939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693838)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.43.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693838/; classtype:trojan-activity;sid:84556938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693837)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.12.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693837/; classtype:trojan-activity;sid:84556937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693836)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.98.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693836/; classtype:trojan-activity;sid:84556936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693835)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.161.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693835/; classtype:trojan-activity;sid:84556935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693834)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.114.181.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693834/; classtype:trojan-activity;sid:84556934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693833)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.219.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693833/; classtype:trojan-activity;sid:84556933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693830)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.163.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693830/; classtype:trojan-activity;sid:84556930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693831)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.210.92.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693831/; classtype:trojan-activity;sid:84556931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693832)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.139.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693832/; classtype:trojan-activity;sid:84556932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693829)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.210.92.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693829/; classtype:trojan-activity;sid:84556929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693828)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.12.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693828/; classtype:trojan-activity;sid:84556928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693826)"; flow:established,from_client; content:"GET"; http_method; content:"/aqb.google|3f|t=nc8e4prp"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"0w.da5y.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693826/; classtype:trojan-activity;sid:84556926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693827)"; flow:established,from_client; content:"GET"; http_method; content:"/oek0pfnw4w.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"a5w9t.op-76.online"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693827/; classtype:trojan-activity;sid:84556927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693825)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.194.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693825/; classtype:trojan-activity;sid:84556925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693824)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.87.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693824/; classtype:trojan-activity;sid:84556924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693823)"; flow:established,from_client; content:"GET"; http_method; content:"/of.check|3f|t=napb6m3s"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"u5.ve1p.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693823/; classtype:trojan-activity;sid:84556923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693822)"; flow:established,from_client; content:"GET"; http_method; content:"/olboumfco1.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"a5w9t.op-76.online"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693822/; classtype:trojan-activity;sid:84556922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693821)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.244.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693821/; classtype:trojan-activity;sid:84556921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693820)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.91.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693820/; classtype:trojan-activity;sid:84556920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693819)"; flow:established,from_client; content:"GET"; http_method; content:"/s0yigqe6sw.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"z3h1.op-76.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693819/; classtype:trojan-activity;sid:84556919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693818)"; flow:established,from_client; content:"GET"; http_method; content:"/4u.google|3f|t=v6ocps9z"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"0k.18yk.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693818/; classtype:trojan-activity;sid:84556918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693817)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.239.243.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693817/; classtype:trojan-activity;sid:84556917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693816)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.244.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693816/; classtype:trojan-activity;sid:84556916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693815)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.184.54.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693815/; classtype:trojan-activity;sid:84556915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693814)"; flow:established,from_client; content:"GET"; http_method; content:"/ye9bo2snv6.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"z3h1.op-76.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693814/; classtype:trojan-activity;sid:84556914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693813)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.31.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693813/; classtype:trojan-activity;sid:84556913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693812)"; flow:established,from_client; content:"GET"; http_method; content:"/21.check|3f|t=gzx2gdh9"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ih.fe9v.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693812/; classtype:trojan-activity;sid:84556912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693811)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.151.168.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693811/; classtype:trojan-activity;sid:84556911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693810)"; flow:established,from_client; content:"GET"; http_method; content:"/9fnrejtv8z.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"k7yb.1yjp.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693810/; classtype:trojan-activity;sid:84556910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693809)"; flow:established,from_client; content:"GET"; http_method; content:"/tl0p4kfg"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ih.fe9v.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693809/; classtype:trojan-activity;sid:84556909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693808)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.164.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693808/; classtype:trojan-activity;sid:84556908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693807)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.137.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693807/; classtype:trojan-activity;sid:84556907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693806)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.78.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693806/; classtype:trojan-activity;sid:84556906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693805)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.250.238.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693805/; classtype:trojan-activity;sid:84556905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693804)"; flow:established,from_client; content:"GET"; http_method; content:"/rk1ftrzlru.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"x0t5n.8786.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693804/; classtype:trojan-activity;sid:84556904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693803)"; flow:established,from_client; content:"GET"; http_method; content:"/tt.google|3f|t=9l1wdpfk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"v2l.be3q.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693803/; classtype:trojan-activity;sid:84556903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693802)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.191.255.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693802/; classtype:trojan-activity;sid:84556902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693801)"; flow:established,from_client; content:"GET"; http_method; content:"/oeal0obkoc.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"x0t5n.8786.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693801/; classtype:trojan-activity;sid:84556901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693800)"; flow:established,from_client; content:"GET"; http_method; content:"/13.check|3f|t=erwxfor2"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"s11.3-5y.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693800/; classtype:trojan-activity;sid:84556900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693799)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.244.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693799/; classtype:trojan-activity;sid:84556899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693798)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.17.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693798/; classtype:trojan-activity;sid:84556898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693796)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.242.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693796/; classtype:trojan-activity;sid:84556896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693797)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.87.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693797/; classtype:trojan-activity;sid:84556897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693794)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.121.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693794/; classtype:trojan-activity;sid:84556894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693795)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.208.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693795/; classtype:trojan-activity;sid:84556895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693790)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.70.252.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693790/; classtype:trojan-activity;sid:84556890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693791)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.117.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693791/; classtype:trojan-activity;sid:84556891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693792)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.23.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693792/; classtype:trojan-activity;sid:84556892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693793)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.150.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693793/; classtype:trojan-activity;sid:84556893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693789)"; flow:established,from_client; content:"GET"; http_method; content:"/4k2mt0exnt.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"w8j3.8786.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693789/; classtype:trojan-activity;sid:84556889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693788)"; flow:established,from_client; content:"GET"; http_method; content:"/x3.google|3f|t=glms7gib"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"0h.ru7x.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693788/; classtype:trojan-activity;sid:84556888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693787)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.144.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693787/; classtype:trojan-activity;sid:84556887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693786)"; flow:established,from_client; content:"GET"; http_method; content:"/v06odxaw"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"0h.ru7x.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693786/; classtype:trojan-activity;sid:84556886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693785)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.250.238.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693785/; classtype:trojan-activity;sid:84556885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693784)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.60.182.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693784/; classtype:trojan-activity;sid:84556884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693783)"; flow:established,from_client; content:"GET"; http_method; content:"/cur9jg1wxl.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"v1q0.1yjp.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693783/; classtype:trojan-activity;sid:84556883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693782)"; flow:established,from_client; content:"GET"; http_method; content:"/f1v9di8h"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"q8x.q3lo.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693782/; classtype:trojan-activity;sid:84556882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693780)"; flow:established,from_client; content:"GET"; http_method; content:"/gew.google|3f|t=keqo2can"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"q8x.q3lo.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693780/; classtype:trojan-activity;sid:84556880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693781)"; flow:established,from_client; content:"GET"; http_method; content:"/x13ymyhx4z.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"w8j3.8786.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693781/; classtype:trojan-activity;sid:84556881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693779)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.244.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693779/; classtype:trojan-activity;sid:84556879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693778)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.7.160"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693778/; classtype:trojan-activity;sid:84556878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693776)"; flow:established,from_client; content:"GET"; http_method; content:"/jxv.check|3f|t=nnsa3g24"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"3r7.77-6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693776/; classtype:trojan-activity;sid:84556876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693777)"; flow:established,from_client; content:"GET"; http_method; content:"/05dvid9h9y.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"w8j3.8786.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693777/; classtype:trojan-activity;sid:84556877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693775)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.115.72.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693775/; classtype:trojan-activity;sid:84556875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693774)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.81.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693774/; classtype:trojan-activity;sid:84556874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693773)"; flow:established,from_client; content:"GET"; http_method; content:"/sdrek3758s.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k1s7.8786.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693773/; classtype:trojan-activity;sid:84556873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693772)"; flow:established,from_client; content:"GET"; http_method; content:"/opi.google|3f|t=qod0blfu"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"zny.wi7e.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693772/; classtype:trojan-activity;sid:84556872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693771)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.192.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693771/; classtype:trojan-activity;sid:84556871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693770)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.60.182.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693770/; classtype:trojan-activity;sid:84556870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693769)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.84.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693769/; classtype:trojan-activity;sid:84556869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693767)"; flow:established,from_client; content:"GET"; http_method; content:"/4kv.google|3f|t=rztp2aac"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"g6u.m2la.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693767/; classtype:trojan-activity;sid:84556867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693768)"; flow:established,from_client; content:"GET"; http_method; content:"/1bxpr5mp56.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k1s7.8786.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693768/; classtype:trojan-activity;sid:84556868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693766)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.202.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693766/; classtype:trojan-activity;sid:84556866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693765)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.197.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693765/; classtype:trojan-activity;sid:84556865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693764)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.20.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693764/; classtype:trojan-activity;sid:84556864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693763)"; flow:established,from_client; content:"GET"; http_method; content:"/ydf.google|3f|t=vt4xa9wa"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"6c.e-dx.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693763/; classtype:trojan-activity;sid:84556863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693762)"; flow:established,from_client; content:"GET"; http_method; content:"/uqm53sari6.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"d4m9q.8786.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693762/; classtype:trojan-activity;sid:84556862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693760)"; flow:established,from_client; content:"GET"; http_method; content:"/h8ihkql0xx.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"t2kc.1yjp.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693760/; classtype:trojan-activity;sid:84556860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693761)"; flow:established,from_client; content:"GET"; http_method; content:"/vfoaj77q"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cqi.ki8n.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693761/; classtype:trojan-activity;sid:84556861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693759)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.85.131.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693759/; classtype:trojan-activity;sid:84556859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693758)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.182.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693758/; classtype:trojan-activity;sid:84556858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693757)"; flow:established,from_client; content:"GET"; http_method; content:"/zzkjkt3xba.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"d4m9q.8786.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693757/; classtype:trojan-activity;sid:84556857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693756)"; flow:established,from_client; content:"GET"; http_method; content:"/2w9.google|3f|t=k0oqmtf5"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"cqi.ki8n.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693756/; classtype:trojan-activity;sid:84556856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.31.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693754/; classtype:trojan-activity;sid:84556854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693755)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.197.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693755/; classtype:trojan-activity;sid:84556855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693753)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.175.205.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693753/; classtype:trojan-activity;sid:84556853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693752)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.156.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693752/; classtype:trojan-activity;sid:84556852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693750)"; flow:established,from_client; content:"GET"; http_method; content:"/na.google|3f|t=0hxpq21w"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"se3.t4mo.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693750/; classtype:trojan-activity;sid:84556850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693751)"; flow:established,from_client; content:"GET"; http_method; content:"/5y08jq2jvn.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"b2y6.8786.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693751/; classtype:trojan-activity;sid:84556851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693749)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.202.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693749/; classtype:trojan-activity;sid:84556849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693748)"; flow:established,from_client; content:"GET"; http_method; content:"/20rmszktqv.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"b2y6.8786.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693748/; classtype:trojan-activity;sid:84556848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693747)"; flow:established,from_client; content:"GET"; http_method; content:"/jdb.google|3f|t=udxfxw0c"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"8a.u-v9.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693747/; classtype:trojan-activity;sid:84556847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693746)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.81.189"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693746/; classtype:trojan-activity;sid:84556846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693744)"; flow:established,from_client; content:"GET"; http_method; content:"/ow6.google|3f|t=3t5yb3lf"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"rr.33b2.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693744/; classtype:trojan-activity;sid:84556844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693745)"; flow:established,from_client; content:"GET"; http_method; content:"/ewg6li6cvb.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"b2y6.8786.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693745/; classtype:trojan-activity;sid:84556845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693743)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.217.30.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693743/; classtype:trojan-activity;sid:84556843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693742)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.85.131.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693742/; classtype:trojan-activity;sid:84556842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693741)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.182.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693741/; classtype:trojan-activity;sid:84556841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693740)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.115.254.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693740/; classtype:trojan-activity;sid:84556840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693739)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.175.205.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693739/; classtype:trojan-activity;sid:84556839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693738)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.192.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693738/; classtype:trojan-activity;sid:84556838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693737)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.7.160"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693737/; classtype:trojan-activity;sid:84556837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693735)"; flow:established,from_client; content:"GET"; http_method; content:"/p97qemvz"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"x.wlh84.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693735/; classtype:trojan-activity;sid:84556835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693736)"; flow:established,from_client; content:"GET"; http_method; content:"/adodf7548f.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"h5c7.mjg1.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693736/; classtype:trojan-activity;sid:84556836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693734)"; flow:established,from_client; content:"GET"; http_method; content:"/mb1.check|3f|t=pkas7o1t"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"q2.wlh84.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693734/; classtype:trojan-activity;sid:84556834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693733)"; flow:established,from_client; content:"GET"; http_method; content:"/vyfqsibqn7.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"n0aq.y8-8.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693733/; classtype:trojan-activity;sid:84556833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693732)"; flow:established,from_client; content:"GET"; http_method; content:"/836dpu7q"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"q2.wlh84.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693732/; classtype:trojan-activity;sid:84556832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693731)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.176.217.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693731/; classtype:trojan-activity;sid:84556831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693730)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.219.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693730/; classtype:trojan-activity;sid:84556830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693728)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.217.30.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693728/; classtype:trojan-activity;sid:84556828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693729)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.53.159.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693729/; classtype:trojan-activity;sid:84556829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693727)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693727/; classtype:trojan-activity;sid:84556827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693726)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.150.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693726/; classtype:trojan-activity;sid:84556826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693725)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.115.254.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693725/; classtype:trojan-activity;sid:84556825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693724)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.83.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693724/; classtype:trojan-activity;sid:84556824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693723)"; flow:established,from_client; content:"GET"; http_method; content:"/j7rbi0fsap.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"q8m2.y8-8.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693723/; classtype:trojan-activity;sid:84556823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693722)"; flow:established,from_client; content:"GET"; http_method; content:"/o6zojijo"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"1m.595-1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693722/; classtype:trojan-activity;sid:84556822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693720)"; flow:established,from_client; content:"GET"; http_method; content:"/wi3zm3ot20.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"u0v4t.mjg1.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693720/; classtype:trojan-activity;sid:84556820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693721)"; flow:established,from_client; content:"GET"; http_method; content:"/2h.google|3f|t=3mc7lcx0"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"1m.595-1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693721/; classtype:trojan-activity;sid:84556821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693719)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.218.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693719/; classtype:trojan-activity;sid:84556819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693718)"; flow:established,from_client; content:"GET"; http_method; content:"/w1n.check|3f|t=4q64r2pb"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"c8.595-1.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693718/; classtype:trojan-activity;sid:84556818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693716)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.0.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693716/; classtype:trojan-activity;sid:84556816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693717)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.5.79.122"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693717/; classtype:trojan-activity;sid:84556817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693715)"; flow:established,from_client; content:"GET"; http_method; content:"/we8e2letw2.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"j8q2.mjg1.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693715/; classtype:trojan-activity;sid:84556815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693714)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.215.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693714/; classtype:trojan-activity;sid:84556814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693713)"; flow:established,from_client; content:"GET"; http_method; content:"/8ra9ujn162.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"j8q2.mjg1.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693713/; classtype:trojan-activity;sid:84556813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693712)"; flow:established,from_client; content:"GET"; http_method; content:"/e4.google|3f|t=hz882uti"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"p.595-1.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693712/; classtype:trojan-activity;sid:84556812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693711)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.80.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693711/; classtype:trojan-activity;sid:84556811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693710)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.235.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693710/; classtype:trojan-activity;sid:84556810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693709)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.83.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693709/; classtype:trojan-activity;sid:84556809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693708)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.20.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693708/; classtype:trojan-activity;sid:84556808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693707)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.215.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693707/; classtype:trojan-activity;sid:84556807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693706)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.150.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693706/; classtype:trojan-activity;sid:84556806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693705)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.136.42.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693705/; classtype:trojan-activity;sid:84556805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693704)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.200.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693704/; classtype:trojan-activity;sid:84556804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693703)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8072548658/3j3uhby.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693703/; classtype:trojan-activity;sid:84556803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693701)"; flow:established,from_client; content:"GET"; http_method; content:"/48ob143x"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"h1.zms-u.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693701/; classtype:trojan-activity;sid:84556801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693702)"; flow:established,from_client; content:"GET"; http_method; content:"/ap10albslz.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"p3zy.y8-8.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693702/; classtype:trojan-activity;sid:84556802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693700)"; flow:established,from_client; content:"GET"; http_method; content:"/9fa.check|3f|t=j0isyfs5"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"h1.zms-u.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693700/; classtype:trojan-activity;sid:84556800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693699)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.37.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693699/; classtype:trojan-activity;sid:84556799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693698)"; flow:established,from_client; content:"GET"; http_method; content:"/nwahrwb4sj.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"p3zy.y8-8.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693698/; classtype:trojan-activity;sid:84556798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693696)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.241.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693696/; classtype:trojan-activity;sid:84556796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693697)"; flow:established,from_client; content:"GET"; http_method; content:"/u9w8fs0u"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"s.zms-u.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693697/; classtype:trojan-activity;sid:84556797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693695)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8072548658/gbvw2ta.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693695/; classtype:trojan-activity;sid:84556795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693694)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8072548658/8mja6ad.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693694/; classtype:trojan-activity;sid:84556794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693693)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.0.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693693/; classtype:trojan-activity;sid:84556793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693692)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.117.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693692/; classtype:trojan-activity;sid:84556792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693691)"; flow:established,from_client; content:"GET"; http_method; content:"/lg8dicthz3.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r1n8k.mjg1.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693691/; classtype:trojan-activity;sid:84556791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693690)"; flow:established,from_client; content:"GET"; http_method; content:"/yk.google|3f|t=77jih8bz"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"s.zms-u.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693690/; classtype:trojan-activity;sid:84556790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693689)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.79.122"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693689/; classtype:trojan-activity;sid:84556789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693688)"; flow:established,from_client; content:"GET"; http_method; content:"/siwsmjs6fa.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r1n8k.mjg1.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693688/; classtype:trojan-activity;sid:84556788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693687)"; flow:established,from_client; content:"GET"; http_method; content:"/ka04.google|3f|t=3slcuo69"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"w1.7n28r.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693687/; classtype:trojan-activity;sid:84556787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693685)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.80.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693685/; classtype:trojan-activity;sid:84556785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693686)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.37.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693686/; classtype:trojan-activity;sid:84556786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693684)"; flow:established,from_client; content:"GET"; http_method; content:"/gnsnnx8oez.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"p6z3.mjg1.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693684/; classtype:trojan-activity;sid:84556784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693683)"; flow:established,from_client; content:"GET"; http_method; content:"/3vx.check|3f|t=n2jzt2as"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"k9.7n28r.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693683/; classtype:trojan-activity;sid:84556783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693682)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.25.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_02; reference:url, urlhaus.abuse.ch/url/3693682/; classtype:trojan-activity;sid:84556782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693681)"; flow:established,from_client; content:"GET"; http_method; content:"/7t.google|3f|t=7y1hwiej"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"a.7n28r.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693681/; classtype:trojan-activity;sid:84556781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693680)"; flow:established,from_client; content:"GET"; http_method; content:"/erp1s0xjtv.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"s4k1.5x7u.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693680/; classtype:trojan-activity;sid:84556780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693679)"; flow:established,from_client; content:"GET"; http_method; content:"/03skvnm83u.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"l5tj.e-dx.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693679/; classtype:trojan-activity;sid:84556779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693678)"; flow:established,from_client; content:"GET"; http_method; content:"/k7i8hxrr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"a.7n28r.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693678/; classtype:trojan-activity;sid:84556778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693677)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"168.195.7.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693677/; classtype:trojan-activity;sid:84556777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693676)"; flow:established,from_client; content:"GET"; http_method; content:"/sj15gdgd9v.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"x9he.e-dx.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693676/; classtype:trojan-activity;sid:84556776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693675)"; flow:established,from_client; content:"GET"; http_method; content:"/r16ubo5n"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"x.b8c90.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693675/; classtype:trojan-activity;sid:84556775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693674)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.126.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693674/; classtype:trojan-activity;sid:84556774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693672)"; flow:established,from_client; content:"GET"; http_method; content:"/tq1.google|3f|t=eqvydx7x"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"x.b8c90.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693672/; classtype:trojan-activity;sid:84556772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693673)"; flow:established,from_client; content:"GET"; http_method; content:"/rnf6k9ewmp.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"g2t9w.5x7u.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693673/; classtype:trojan-activity;sid:84556773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693671)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.76.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693671/; classtype:trojan-activity;sid:84556771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693670)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.54.15.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693670/; classtype:trojan-activity;sid:84556770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693669)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"209.207.87.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693669/; classtype:trojan-activity;sid:84556769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693668)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.232.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693668/; classtype:trojan-activity;sid:84556768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693667)"; flow:established,from_client; content:"GET"; http_method; content:"/gitr6556c0.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"u0pw.e-dx.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693667/; classtype:trojan-activity;sid:84556767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693666)"; flow:established,from_client; content:"GET"; http_method; content:"/p5pwat4x"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"e.b8c90.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693666/; classtype:trojan-activity;sid:84556766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693664)"; flow:established,from_client; content:"GET"; http_method; content:"/u8.google|3f|t=0v8bikr5"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"e.b8c90.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693664/; classtype:trojan-activity;sid:84556764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693665)"; flow:established,from_client; content:"GET"; http_method; content:"/cq8q2qaann.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"n5r3.5x7u.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693665/; classtype:trojan-activity;sid:84556765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693663)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"209.207.87.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693663/; classtype:trojan-activity;sid:84556763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693662)"; flow:established,from_client; content:"GET"; http_method; content:"/7xip25qc1j.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"b6ru.e-dx.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693662/; classtype:trojan-activity;sid:84556762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693661)"; flow:established,from_client; content:"GET"; http_method; content:"/q148e838"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"z9.4kl-9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693661/; classtype:trojan-activity;sid:84556761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693660)"; flow:established,from_client; content:"GET"; http_method; content:"/ya0.google|3f|t=hq93jzgk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"z9.4kl-9.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693660/; classtype:trojan-activity;sid:84556760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693659)"; flow:established,from_client; content:"GET"; http_method; content:"/wbtjthh1jc.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"y0p6.5x7u.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693659/; classtype:trojan-activity;sid:84556759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693658)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.196.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693658/; classtype:trojan-activity;sid:84556758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693657)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.232.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693657/; classtype:trojan-activity;sid:84556757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693656)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.126.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693656/; classtype:trojan-activity;sid:84556756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693655)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693655/; classtype:trojan-activity;sid:84556755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693654)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.76.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693654/; classtype:trojan-activity;sid:84556754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693653)"; flow:established,from_client; content:"GET"; http_method; content:"/b1ydzldknp.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"b6ru.e-dx.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693653/; classtype:trojan-activity;sid:84556753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693652)"; flow:established,from_client; content:"GET"; http_method; content:"/xkfr0y0t"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"b.4kl-9.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693652/; classtype:trojan-activity;sid:84556752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693651)"; flow:established,from_client; content:"GET"; http_method; content:"/q6.google|3f|t=qo7w55rz"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"b.4kl-9.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693651/; classtype:trojan-activity;sid:84556751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693649)"; flow:established,from_client; content:"GET"; http_method; content:"/p.txt"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"23.160.56.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693649/; classtype:trojan-activity;sid:84556749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693650)"; flow:established,from_client; content:"GET"; http_method; content:"/p.txt"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"pahawel.bessentebt.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693650/; classtype:trojan-activity;sid:84556750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693648)"; flow:established,from_client; content:"GET"; http_method; content:"/85gjoophvj.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c1m8q.5x7u.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693648/; classtype:trojan-activity;sid:84556748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693647)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.25.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693647/; classtype:trojan-activity;sid:84556747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693646)"; flow:established,from_client; content:"GET"; http_method; content:"/2a9.google|3f|t=x01llef8"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"x8.13-yz.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693646/; classtype:trojan-activity;sid:84556746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693645)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.242.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693645/; classtype:trojan-activity;sid:84556745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693644)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.71.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693644/; classtype:trojan-activity;sid:84556744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693643)"; flow:established,from_client; content:"GET"; http_method; content:"/3m1uhbmh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"x8.13-yz.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693643/; classtype:trojan-activity;sid:84556743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693642)"; flow:established,from_client; content:"GET"; http_method; content:"/y80j8wiu0e.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"e1xb.e-dx.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693642/; classtype:trojan-activity;sid:84556742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693640)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.28.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693640/; classtype:trojan-activity;sid:84556740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693641)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.43.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693641/; classtype:trojan-activity;sid:84556741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693639)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.84.208"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693639/; classtype:trojan-activity;sid:84556739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693638)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.71.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693638/; classtype:trojan-activity;sid:84556738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693637)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.171.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693637/; classtype:trojan-activity;sid:84556737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693636)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8072548658/wbmwhoa.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693636/; classtype:trojan-activity;sid:84556736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693635)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693635/; classtype:trojan-activity;sid:84556735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693634)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8072548658/vz2cbw9.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693634/; classtype:trojan-activity;sid:84556734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693633)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.156.213.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693633/; classtype:trojan-activity;sid:84556733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693632)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.117.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693632/; classtype:trojan-activity;sid:84556732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693631)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.86.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693631/; classtype:trojan-activity;sid:84556731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693630)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.121.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693630/; classtype:trojan-activity;sid:84556730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693628)"; flow:established,from_client; content:"GET"; http_method; content:"/z2q.google|3f|t=fh4gw6f7"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"y7.259ox.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693628/; classtype:trojan-activity;sid:84556728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693629)"; flow:established,from_client; content:"GET"; http_method; content:"/5c2sk3bl5p.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"q7p0d.u-v9.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693629/; classtype:trojan-activity;sid:84556729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693627)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.58.160.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693627/; classtype:trojan-activity;sid:84556727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693626)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.28.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693626/; classtype:trojan-activity;sid:84556726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693625)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8072548658/ervtyya.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693625/; classtype:trojan-activity;sid:84556725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693624)"; flow:established,from_client; content:"GET"; http_method; content:"/files/5638395652/vo7vnub.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693624/; classtype:trojan-activity;sid:84556724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693623)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.27.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693623/; classtype:trojan-activity;sid:84556723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693622)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.89.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693622/; classtype:trojan-activity;sid:84556722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693621)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"106.59.8.63"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693621/; classtype:trojan-activity;sid:84556721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693620)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.22.206.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693620/; classtype:trojan-activity;sid:84556720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693619)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.22.206.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693619/; classtype:trojan-activity;sid:84556719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693618)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.184.29.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693618/; classtype:trojan-activity;sid:84556718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693617)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.246.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693617/; classtype:trojan-activity;sid:84556717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693616)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.86.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693616/; classtype:trojan-activity;sid:84556716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693615)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.96.119.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693615/; classtype:trojan-activity;sid:84556715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693614)"; flow:established,from_client; content:"GET"; http_method; content:"/xl1laoq5pi.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"j4da.18yk.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693614/; classtype:trojan-activity;sid:84556714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693613)"; flow:established,from_client; content:"GET"; http_method; content:"/pl8t79mb"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"p.259ox.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693613/; classtype:trojan-activity;sid:84556713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693611)"; flow:established,from_client; content:"GET"; http_method; content:"/d5.google|3f|t=2sw6i75j"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"p.259ox.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693611/; classtype:trojan-activity;sid:84556711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693612)"; flow:established,from_client; content:"GET"; http_method; content:"/qmw8z4u7t8.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"a8t1.u-v9.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693612/; classtype:trojan-activity;sid:84556712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693610)"; flow:established,from_client; content:"GET"; http_method; content:"/z8utx4xt6n.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"j4da.18yk.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693610/; classtype:trojan-activity;sid:84556710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693609)"; flow:established,from_client; content:"GET"; http_method; content:"/25plojlo"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"v3.kuq5g.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693609/; classtype:trojan-activity;sid:84556709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693608)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.67.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693608/; classtype:trojan-activity;sid:84556708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693606)"; flow:established,from_client; content:"GET"; http_method; content:"/l9n.google|3f|t=0idudtir"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"v3.kuq5g.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693606/; classtype:trojan-activity;sid:84556706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693607)"; flow:established,from_client; content:"GET"; http_method; content:"/aol3hzwjf8.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"a8t1.u-v9.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693607/; classtype:trojan-activity;sid:84556707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693605)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.194.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693605/; classtype:trojan-activity;sid:84556705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693604)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.160.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693604/; classtype:trojan-activity;sid:84556704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693603)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.55.64.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693603/; classtype:trojan-activity;sid:84556703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693602)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.27.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693602/; classtype:trojan-activity;sid:84556702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693601)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.59.8.63"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693601/; classtype:trojan-activity;sid:84556701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693600)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.184.29.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693600/; classtype:trojan-activity;sid:84556700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693599)"; flow:established,from_client; content:"GET"; http_method; content:"/8pcuemar7t.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m9r2q.u-v9.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693599/; classtype:trojan-activity;sid:84556699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693598)"; flow:established,from_client; content:"GET"; http_method; content:"/0ap.check|3f|t=bqptsqo6"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"h2.kuq5g.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693598/; classtype:trojan-activity;sid:84556698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693597)"; flow:established,from_client; content:"GET"; http_method; content:"/a4hvjww8p0.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"h2qm.18yk.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693597/; classtype:trojan-activity;sid:84556697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693596)"; flow:established,from_client; content:"GET"; http_method; content:"/153a20p2"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"s.kuq5g.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693596/; classtype:trojan-activity;sid:84556696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693595)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.43.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693595/; classtype:trojan-activity;sid:84556695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693594)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.217.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693594/; classtype:trojan-activity;sid:84556694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693593)"; flow:established,from_client; content:"GET"; http_method; content:"/m4x7tmagnk.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m9r2q.u-v9.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693593/; classtype:trojan-activity;sid:84556693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693592)"; flow:established,from_client; content:"GET"; http_method; content:"/e4.google|3f|t=43uy94mq"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"s.kuq5g.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693592/; classtype:trojan-activity;sid:84556692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693590)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.58.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693590/; classtype:trojan-activity;sid:84556690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693591)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.67.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693591/; classtype:trojan-activity;sid:84556691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693589)"; flow:established,from_client; content:"GET"; http_method; content:"/7t3.google|3f|t=5fhapgt6"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"x.u-na5.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693589/; classtype:trojan-activity;sid:84556689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693588)"; flow:established,from_client; content:"GET"; http_method; content:"/id46f8mcoh.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"z6c4p.1r55.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693588/; classtype:trojan-activity;sid:84556688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693587)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.65.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693587/; classtype:trojan-activity;sid:84556687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693586)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.239.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693586/; classtype:trojan-activity;sid:84556686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693585)"; flow:established,from_client; content:"GET"; http_method; content:"/jhj01lnsgy.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"z6c4p.1r55.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693585/; classtype:trojan-activity;sid:84556685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693584)"; flow:established,from_client; content:"GET"; http_method; content:"/q1n.check|3f|t=9ju9d9ti"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"m9.u-na5.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693584/; classtype:trojan-activity;sid:84556684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693583)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.83.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693583/; classtype:trojan-activity;sid:84556683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693582)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.242.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693582/; classtype:trojan-activity;sid:84556682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693581)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.174.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693581/; classtype:trojan-activity;sid:84556681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693580)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.121.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693580/; classtype:trojan-activity;sid:84556680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693578)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.217.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693578/; classtype:trojan-activity;sid:84556678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693579)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.238.248.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693579/; classtype:trojan-activity;sid:84556679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693577)"; flow:established,from_client; content:"GET"; http_method; content:"/xunmsnkg"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"m9.u-na5.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693577/; classtype:trojan-activity;sid:84556677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693576)"; flow:established,from_client; content:"GET"; http_method; content:"/4nqqme0iwc.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"w8nz.18yk.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693576/; classtype:trojan-activity;sid:84556676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693575)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.58.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693575/; classtype:trojan-activity;sid:84556675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693573)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.239.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693573/; classtype:trojan-activity;sid:84556673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693574)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.71.60.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693574/; classtype:trojan-activity;sid:84556674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693572)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.65.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693572/; classtype:trojan-activity;sid:84556672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693570)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.209.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693570/; classtype:trojan-activity;sid:84556670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693571)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.238.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693571/; classtype:trojan-activity;sid:84556671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693566)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.250.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693566/; classtype:trojan-activity;sid:84556666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693567)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.52.206.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693567/; classtype:trojan-activity;sid:84556667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693568)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.201.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693568/; classtype:trojan-activity;sid:84556668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693569)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.24.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693569/; classtype:trojan-activity;sid:84556669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693565)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"31.97.223.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693565/; classtype:trojan-activity;sid:84556665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693563)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.30.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693563/; classtype:trojan-activity;sid:84556663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693561)"; flow:established,from_client; content:"GET"; http_method; content:"/w241xibqsz.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"c0p3.18yk.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693561/; classtype:trojan-activity;sid:84556661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693562)"; flow:established,from_client; content:"GET"; http_method; content:"/or70fxpq"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"a.u-na5.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693562/; classtype:trojan-activity;sid:84556662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693560)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.23.136.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693560/; classtype:trojan-activity;sid:84556660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693559)"; flow:established,from_client; content:"GET"; http_method; content:"/of8285m93u.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"l0t8.1r55.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693559/; classtype:trojan-activity;sid:84556659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693558)"; flow:established,from_client; content:"GET"; http_method; content:"/cji.google|3f|t=0ou6pi1h"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"sp.t1va.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693558/; classtype:trojan-activity;sid:84556658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693557)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.184.54.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693557/; classtype:trojan-activity;sid:84556657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693556)"; flow:established,from_client; content:"GET"; http_method; content:"/qlkfic83e9.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"c0p3.18yk.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693556/; classtype:trojan-activity;sid:84556656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693555)"; flow:established,from_client; content:"GET"; http_method; content:"/99muocpn"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"sp.t1va.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693555/; classtype:trojan-activity;sid:84556655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693554)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.252.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693554/; classtype:trojan-activity;sid:84556654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693553)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"67.214.245.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693553/; classtype:trojan-activity;sid:84556653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693552)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.151.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693552/; classtype:trojan-activity;sid:84556652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693551)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.152.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693551/; classtype:trojan-activity;sid:84556651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693550)"; flow:established,from_client; content:"GET"; http_method; content:"/gcr47oal8b.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"l0t8.1r55.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693550/; classtype:trojan-activity;sid:84556650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693549)"; flow:established,from_client; content:"GET"; http_method; content:"/bv.check|3f|t=cl10urog"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"s9n.zo8k.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693549/; classtype:trojan-activity;sid:84556649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693548)"; flow:established,from_client; content:"GET"; http_method; content:"/jnyy5nhuvk.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"a9x7.crju.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693548/; classtype:trojan-activity;sid:84556648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693547)"; flow:established,from_client; content:"GET"; http_method; content:"/shtblvm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"s9n.zo8k.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693547/; classtype:trojan-activity;sid:84556647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693546)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.21.31.173"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693546/; classtype:trojan-activity;sid:84556646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693545)"; flow:established,from_client; content:"GET"; http_method; content:"/5cc.google|3f|t=xl8whubi"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"f5e.qo1s.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693545/; classtype:trojan-activity;sid:84556645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693544)"; flow:established,from_client; content:"GET"; http_method; content:"/64chtq6lzh.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"x3b5n.1r55.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693544/; classtype:trojan-activity;sid:84556644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693543)"; flow:established,from_client; content:"GET"; http_method; content:"/j7zwrx0l"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"f5e.qo1s.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693543/; classtype:trojan-activity;sid:84556643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693542)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.15.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693542/; classtype:trojan-activity;sid:84556642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693541)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.147.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693541/; classtype:trojan-activity;sid:84556641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693540)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.41.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693540/; classtype:trojan-activity;sid:84556640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693539)"; flow:established,from_client; content:"GET"; http_method; content:"/dcg3sl212t.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"k5h2.crju.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693539/; classtype:trojan-activity;sid:84556639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693538)"; flow:established,from_client; content:"GET"; http_method; content:"/d234qtc5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"2i.da6v.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693538/; classtype:trojan-activity;sid:84556638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693537)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.114.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693537/; classtype:trojan-activity;sid:84556637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693535)"; flow:established,from_client; content:"GET"; http_method; content:"/cr2.check|3f|t=rfb4b3kk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"2i.da6v.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693535/; classtype:trojan-activity;sid:84556635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693536)"; flow:established,from_client; content:"GET"; http_method; content:"/39qvy1474p.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"x3b5n.1r55.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693536/; classtype:trojan-activity;sid:84556636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693534)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693534/; classtype:trojan-activity;sid:84556634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693533)"; flow:established,from_client; content:"GET"; http_method; content:"/7z11ynhi5p.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"k5h2.crju.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693533/; classtype:trojan-activity;sid:84556633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693532)"; flow:established,from_client; content:"GET"; http_method; content:"/1alvl7jk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"vkf.yq2r.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693532/; classtype:trojan-activity;sid:84556632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693531)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.151.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693531/; classtype:trojan-activity;sid:84556631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693530)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.204.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693530/; classtype:trojan-activity;sid:84556630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693528)"; flow:established,from_client; content:"GET"; http_method; content:"/6ib.check|3f|t=lfr3xf01"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"vkf.yq2r.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693528/; classtype:trojan-activity;sid:84556628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693529)"; flow:established,from_client; content:"GET"; http_method; content:"/sbq53ezrkq.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"e7v1.1r55.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693529/; classtype:trojan-activity;sid:84556629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693526)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.226.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693526/; classtype:trojan-activity;sid:84556626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693527)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.171.177.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693527/; classtype:trojan-activity;sid:84556627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693525)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.114.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693525/; classtype:trojan-activity;sid:84556625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693524)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7948739500/s5n53k5.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693524/; classtype:trojan-activity;sid:84556624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693522)"; flow:established,from_client; content:"GET"; http_method; content:"/zu0.google|3f|t=loq1rbr8"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"3z6.bo8y.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693522/; classtype:trojan-activity;sid:84556622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693523)"; flow:established,from_client; content:"GET"; http_method; content:"/wiqz9v7y6r.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"e7v1.1r55.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693523/; classtype:trojan-activity;sid:84556623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693520)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.147.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693520/; classtype:trojan-activity;sid:84556620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693521)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.87.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693521/; classtype:trojan-activity;sid:84556621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693518)"; flow:established,from_client; content:"GET"; http_method; content:"/x4k.google|3f|t=3uaqmbp9"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"mnp.mi9q.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693518/; classtype:trojan-activity;sid:84556618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693519)"; flow:established,from_client; content:"GET"; http_method; content:"/2d31qrvt3q.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"e7v1.1r55.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693519/; classtype:trojan-activity;sid:84556619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693517)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.21.31.173"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693517/; classtype:trojan-activity;sid:84556617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693516)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693516/; classtype:trojan-activity;sid:84556616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693515)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.84.208"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693515/; classtype:trojan-activity;sid:84556615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693514)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.114.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693514/; classtype:trojan-activity;sid:84556614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693513)"; flow:established,from_client; content:"GET"; http_method; content:"/ekr3jvvm03.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"d3yl.crju.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693513/; classtype:trojan-activity;sid:84556613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693512)"; flow:established,from_client; content:"GET"; http_method; content:"/bovwkisk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"mnp.mi9q.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693512/; classtype:trojan-activity;sid:84556612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693511)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7044575709/6am5fls.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693511/; classtype:trojan-activity;sid:84556611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693510)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.78.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693510/; classtype:trojan-activity;sid:84556610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693509)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.76.144.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693509/; classtype:trojan-activity;sid:84556609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693508)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"18.116.114.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693508/; classtype:trojan-activity;sid:84556608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693507)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.195.111.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693507/; classtype:trojan-activity;sid:84556607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693505)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.229.245.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693505/; classtype:trojan-activity;sid:84556605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693506)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.38.49.232"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693506/; classtype:trojan-activity;sid:84556606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693499)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.70.147.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693499/; classtype:trojan-activity;sid:84556599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693500)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.10.0.154"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693500/; classtype:trojan-activity;sid:84556600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693501)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.236.15.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693501/; classtype:trojan-activity;sid:84556601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693502)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.168.174.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693502/; classtype:trojan-activity;sid:84556602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693503)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.106.133.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693503/; classtype:trojan-activity;sid:84556603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693504)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.235.248.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693504/; classtype:trojan-activity;sid:84556604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693498)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.8.146.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693498/; classtype:trojan-activity;sid:84556598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693497)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.230.158.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693497/; classtype:trojan-activity;sid:84556597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693496)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"36.92.110.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693496/; classtype:trojan-activity;sid:84556596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693494)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"113.187.160.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693494/; classtype:trojan-activity;sid:84556594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693495)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"113.174.183.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693495/; classtype:trojan-activity;sid:84556595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693490)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"27.74.91.32"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693490/; classtype:trojan-activity;sid:84556590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693491)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.242.198.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693491/; classtype:trojan-activity;sid:84556591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693492)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"41.246.163.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693492/; classtype:trojan-activity;sid:84556592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693493)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"108.176.149.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693493/; classtype:trojan-activity;sid:84556593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693488)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"77.179.141.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693488/; classtype:trojan-activity;sid:84556588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693489)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.224.165.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693489/; classtype:trojan-activity;sid:84556589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693487)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.224.139.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693487/; classtype:trojan-activity;sid:84556587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693486)"; flow:established,from_client; content:"GET"; http_method; content:"/0bw0qgi6n9.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"v8jd.crju.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693486/; classtype:trojan-activity;sid:84556586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693485)"; flow:established,from_client; content:"GET"; http_method; content:"/kzakb3fg"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"xue.re7x.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693485/; classtype:trojan-activity;sid:84556585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693484)"; flow:established,from_client; content:"GET"; http_method; content:"/519.google|3f|t=o2yz2my8"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"xue.re7x.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693484/; classtype:trojan-activity;sid:84556584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693483)"; flow:established,from_client; content:"GET"; http_method; content:"/okrxfp8e70.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"h2q9m.1r55.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693483/; classtype:trojan-activity;sid:84556583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693482)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.108.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693482/; classtype:trojan-activity;sid:84556582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693481)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.171.177.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693481/; classtype:trojan-activity;sid:84556581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693480)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.31.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693480/; classtype:trojan-activity;sid:84556580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693479)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.16.54.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693479/; classtype:trojan-activity;sid:84556579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693469)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"178.16.54.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693469/; classtype:trojan-activity;sid:84556569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693470)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.16.54.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693470/; classtype:trojan-activity;sid:84556570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693471)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.16.54.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693471/; classtype:trojan-activity;sid:84556571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693472)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.16.54.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693472/; classtype:trojan-activity;sid:84556572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693473)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"178.16.54.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693473/; classtype:trojan-activity;sid:84556573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693474)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.16.54.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693474/; classtype:trojan-activity;sid:84556574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693475)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"178.16.54.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693475/; classtype:trojan-activity;sid:84556575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693476)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"178.16.54.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693476/; classtype:trojan-activity;sid:84556576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693477)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"178.16.54.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693477/; classtype:trojan-activity;sid:84556577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693478)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.16.54.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693478/; classtype:trojan-activity;sid:84556578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693468)"; flow:established,from_client; content:"GET"; http_method; content:"/de11ixa0gh.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"h2q9m.1r55.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693468/; classtype:trojan-activity;sid:84556568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693467)"; flow:established,from_client; content:"GET"; http_method; content:"/gyj.check|3f|t=buhw55y5"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"qa.wi7o.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693467/; classtype:trojan-activity;sid:84556567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693466)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.192.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693466/; classtype:trojan-activity;sid:84556566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693464)"; flow:established,from_client; content:"GET"; http_method; content:"/s2xa5ahl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"qa.wi7o.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693464/; classtype:trojan-activity;sid:84556564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693465)"; flow:established,from_client; content:"GET"; http_method; content:"/ells7ix2v4.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"v8jd.crju.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693465/; classtype:trojan-activity;sid:84556565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693463)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.21.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693463/; classtype:trojan-activity;sid:84556563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693462)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.41.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693462/; classtype:trojan-activity;sid:84556562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693461)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.31.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693461/; classtype:trojan-activity;sid:84556561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693460)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.198.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693460/; classtype:trojan-activity;sid:84556560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693459)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.isis"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.35.130.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693459/; classtype:trojan-activity;sid:84556559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693458)"; flow:established,from_client; content:"GET"; http_method; content:"/zj2.check|3f|t=m776wxfd"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"gh.gi0x.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693458/; classtype:trojan-activity;sid:84556558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693457)"; flow:established,from_client; content:"GET"; http_method; content:"/oisb7qczyc.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"w7p2g.yldv.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693457/; classtype:trojan-activity;sid:84556557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693456)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.60.1.181"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693456/; classtype:trojan-activity;sid:84556556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693455)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.54.147.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693455/; classtype:trojan-activity;sid:84556555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693454)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.118.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693454/; classtype:trojan-activity;sid:84556554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693453)"; flow:established,from_client; content:"GET"; http_method; content:"/u5.check|3f|t=0zwunufh"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"jyn.va4n.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693453/; classtype:trojan-activity;sid:84556553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693452)"; flow:established,from_client; content:"GET"; http_method; content:"/zy4v3su32f.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"w7p2g.yldv.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693452/; classtype:trojan-activity;sid:84556552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693451)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.174.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693451/; classtype:trojan-activity;sid:84556551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693450)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.121.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693450/; classtype:trojan-activity;sid:84556550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693449)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.54.147.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693449/; classtype:trojan-activity;sid:84556549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693448)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6999032883/zf0im8j.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693448/; classtype:trojan-activity;sid:84556548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693447)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.1.181"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693447/; classtype:trojan-activity;sid:84556547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693446)"; flow:established,from_client; content:"GET"; http_method; content:"/npb.google|3f|t=sh4urcaa"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"4l.ve5l.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693446/; classtype:trojan-activity;sid:84556546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693445)"; flow:established,from_client; content:"GET"; http_method; content:"/kac1l53tih.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"f0k4.yldv.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693445/; classtype:trojan-activity;sid:84556545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693444)"; flow:established,from_client; content:"GET"; http_method; content:"/fbi3fxs418.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"n9k3.3-5y.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693444/; classtype:trojan-activity;sid:84556544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693443)"; flow:established,from_client; content:"GET"; http_method; content:"/sqsrv2jz"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"qqc.lo2p.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693443/; classtype:trojan-activity;sid:84556543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693442)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.188.80.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693442/; classtype:trojan-activity;sid:84556542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693441)"; flow:established,from_client; content:"GET"; http_method; content:"/rc4ph715f4.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"f0k4.yldv.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693441/; classtype:trojan-activity;sid:84556541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693440)"; flow:established,from_client; content:"GET"; http_method; content:"/pc.google|3f|t=izmsvrmt"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"qqc.lo2p.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693440/; classtype:trojan-activity;sid:84556540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693439)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.118.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693439/; classtype:trojan-activity;sid:84556539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693438)"; flow:established,from_client; content:"GET"; http_method; content:"/jhv3vz62nj.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"f0k4.yldv.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693438/; classtype:trojan-activity;sid:84556538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693437)"; flow:established,from_client; content:"GET"; http_method; content:"/sbw.check|3f|t=9hk35f64"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ei.je9t.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693437/; classtype:trojan-activity;sid:84556537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693436)"; flow:established,from_client; content:"GET"; http_method; content:"/pexohlo3t5.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"y4tn.3-5y.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693436/; classtype:trojan-activity;sid:84556536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693435)"; flow:established,from_client; content:"GET"; http_method; content:"/hv7k0taq"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"7jp.fi0m.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693435/; classtype:trojan-activity;sid:84556535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693434)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.198.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693434/; classtype:trojan-activity;sid:84556534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693433)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.27.199.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693433/; classtype:trojan-activity;sid:84556533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693431)"; flow:established,from_client; content:"GET"; http_method; content:"/du.google|3f|t=5kb5g1dm"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"7jp.fi0m.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693431/; classtype:trojan-activity;sid:84556531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693432)"; flow:established,from_client; content:"GET"; http_method; content:"/ylenra22nx.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"d3tzn.yldv.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693432/; classtype:trojan-activity;sid:84556532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693430)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.200.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693430/; classtype:trojan-activity;sid:84556530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693429)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.188.80.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693429/; classtype:trojan-activity;sid:84556529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693427)"; flow:established,from_client; content:"GET"; http_method; content:"/00.google|3f|t=omcobky3"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"lou.pe8d.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693427/; classtype:trojan-activity;sid:84556527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693428)"; flow:established,from_client; content:"GET"; http_method; content:"/dxe6m7n52x.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"s8j1.yldv.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693428/; classtype:trojan-activity;sid:84556528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693426)"; flow:established,from_client; content:"GET"; http_method; content:"/3awdhr4vzx.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"q1v8.3-5y.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693426/; classtype:trojan-activity;sid:84556526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693425)"; flow:established,from_client; content:"GET"; http_method; content:"/u8pz5x0q"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"7v7.ha5r.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693425/; classtype:trojan-activity;sid:84556525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693424)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.158.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693424/; classtype:trojan-activity;sid:84556524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693423)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.248.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693423/; classtype:trojan-activity;sid:84556523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693422)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.116.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693422/; classtype:trojan-activity;sid:84556522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693420)"; flow:established,from_client; content:"GET"; http_method; content:"/02.google|3f|t=yk7g8xa8"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"8n.n6ri.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693420/; classtype:trojan-activity;sid:84556520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693421)"; flow:established,from_client; content:"GET"; http_method; content:"/xk9uis3plj.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"s8j1.yldv.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693421/; classtype:trojan-activity;sid:84556521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693419)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.49.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693419/; classtype:trojan-activity;sid:84556519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693418)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.27.199.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693418/; classtype:trojan-activity;sid:84556518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693417)"; flow:established,from_client; content:"GET"; http_method; content:"/n33c5ny7ro.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"l2c7.5-rt.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693417/; classtype:trojan-activity;sid:84556517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693414)"; flow:established,from_client; content:"GET"; http_method; content:"/sq.google|3f|t=cp8s3hpr"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"hnz.x3le.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693414/; classtype:trojan-activity;sid:84556514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693415)"; flow:established,from_client; content:"GET"; http_method; content:"/qz1sh46n"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"hnz.x3le.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693415/; classtype:trojan-activity;sid:84556515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693416)"; flow:established,from_client; content:"GET"; http_method; content:"/r0taljjuri.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r6mqa.yldv.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693416/; classtype:trojan-activity;sid:84556516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693413)"; flow:established,from_client; content:"GET"; http_method; content:"/owxgcy2i"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"6d.m2jo.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693413/; classtype:trojan-activity;sid:84556513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693412)"; flow:established,from_client; content:"GET"; http_method; content:"/rlsrlq484k.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"l2c7.5-rt.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693412/; classtype:trojan-activity;sid:84556512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693411)"; flow:established,from_client; content:"GET"; http_method; content:"/w3o.check|3f|t=7o2jmo9j"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"6d.m2jo.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693411/; classtype:trojan-activity;sid:84556511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693410)"; flow:established,from_client; content:"GET"; http_method; content:"/mg1s2p8pc4.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r6mqa.yldv.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693410/; classtype:trojan-activity;sid:84556510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693409)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.164.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693409/; classtype:trojan-activity;sid:84556509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693408)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.59.18"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693408/; classtype:trojan-activity;sid:84556508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693407)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.49.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693407/; classtype:trojan-activity;sid:84556507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693406)"; flow:established,from_client; content:"GET"; http_method; content:"/43tt0advwn.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"x5pw.5-rt.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693406/; classtype:trojan-activity;sid:84556506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693405)"; flow:established,from_client; content:"GET"; http_method; content:"/79zk4rzp"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"fr.t1va.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693405/; classtype:trojan-activity;sid:84556505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693404)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8072548658/4fmd5ve.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693404/; classtype:trojan-activity;sid:84556504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693403)"; flow:established,from_client; content:"GET"; http_method; content:"/4zg43dzv75.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r6mqa.yldv.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693403/; classtype:trojan-activity;sid:84556503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693402)"; flow:established,from_client; content:"GET"; http_method; content:"/1mh.google|3f|t=rn3eqk9c"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"fr.t1va.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693402/; classtype:trojan-activity;sid:84556502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693401)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.116.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693401/; classtype:trojan-activity;sid:84556501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693400)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.78.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693400/; classtype:trojan-activity;sid:84556500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693399)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.116.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693399/; classtype:trojan-activity;sid:84556499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693398)"; flow:established,from_client; content:"GET"; http_method; content:"/e6n.google|3f|t=bo1rm0la"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"p1.qo1s.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693398/; classtype:trojan-activity;sid:84556498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693397)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.59.18"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693397/; classtype:trojan-activity;sid:84556497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693395)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.103.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693395/; classtype:trojan-activity;sid:84556495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693396)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.59.246.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693396/; classtype:trojan-activity;sid:84556496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693394)"; flow:established,from_client; content:"GET"; http_method; content:"/j2.google|3f|t=wzkxgagz"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"fjd.da6v.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693394/; classtype:trojan-activity;sid:84556494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693393)"; flow:established,from_client; content:"GET"; http_method; content:"/qc9wacw7v3.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"p1wy.71o9.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693393/; classtype:trojan-activity;sid:84556493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693392)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.238.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693392/; classtype:trojan-activity;sid:84556492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693391)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.48.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693391/; classtype:trojan-activity;sid:84556491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693390)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.78.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693390/; classtype:trojan-activity;sid:84556490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693389)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.158.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693389/; classtype:trojan-activity;sid:84556489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693388)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.215.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693388/; classtype:trojan-activity;sid:84556488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693387)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.54.152.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693387/; classtype:trojan-activity;sid:84556487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693385)"; flow:established,from_client; content:"GET"; http_method; content:"/gx.check|3f|t=i8a5o0u9"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"tz.yq2r.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693385/; classtype:trojan-activity;sid:84556485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693386)"; flow:established,from_client; content:"GET"; http_method; content:"/dklhs7wwqr.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"p1wy.71o9.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693386/; classtype:trojan-activity;sid:84556486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693384)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.116.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693384/; classtype:trojan-activity;sid:84556484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693383)"; flow:established,from_client; content:"GET"; http_method; content:"/cc5t924rzl.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"s2t4.33b2.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693383/; classtype:trojan-activity;sid:84556483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693382)"; flow:established,from_client; content:"GET"; http_method; content:"/ata0ye7z"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"y8h.bo8y.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693382/; classtype:trojan-activity;sid:84556482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693381)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.246.43.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693381/; classtype:trojan-activity;sid:84556481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693380)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.35.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693380/; classtype:trojan-activity;sid:84556480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693378)"; flow:established,from_client; content:"GET"; http_method; content:"/ve.check|3f|t=2vapskhx"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"y8h.bo8y.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693378/; classtype:trojan-activity;sid:84556478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693379)"; flow:established,from_client; content:"GET"; http_method; content:"/6u3kao0vak.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"b9h2x.71o9.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693379/; classtype:trojan-activity;sid:84556479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693377)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.238.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693377/; classtype:trojan-activity;sid:84556477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693376)"; flow:established,from_client; content:"GET"; http_method; content:"/zpwl0n6m9s.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"b9h2x.71o9.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693376/; classtype:trojan-activity;sid:84556476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693375)"; flow:established,from_client; content:"GET"; http_method; content:"/uwk.google|3f|t=m4tew602"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"a1.mi9q.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693375/; classtype:trojan-activity;sid:84556475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693374)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.15.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693374/; classtype:trojan-activity;sid:84556474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693373)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.54.152.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693373/; classtype:trojan-activity;sid:84556473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693372)"; flow:established,from_client; content:"GET"; http_method; content:"/i0l14289nz.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"b5mx.33b2.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693372/; classtype:trojan-activity;sid:84556472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693371)"; flow:established,from_client; content:"GET"; http_method; content:"/ooygiy3i"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"1p2.re7x.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693371/; classtype:trojan-activity;sid:84556471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693370)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.136.42.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693370/; classtype:trojan-activity;sid:84556470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693369)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.103.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693369/; classtype:trojan-activity;sid:84556469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693368)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.117.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693368/; classtype:trojan-activity;sid:84556468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693367)"; flow:established,from_client; content:"GET"; http_method; content:"/4gmot6k1km.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"g4zt.71o9.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693367/; classtype:trojan-activity;sid:84556467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693366)"; flow:established,from_client; content:"GET"; http_method; content:"/muq.check|3f|t=rl3qous3"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ayx.wi7o.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693366/; classtype:trojan-activity;sid:84556466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693365)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.35.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693365/; classtype:trojan-activity;sid:84556465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693363)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.69.61.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693363/; classtype:trojan-activity;sid:84556463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693364)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6202691699/gbmkvfq.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693364/; classtype:trojan-activity;sid:84556464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693361)"; flow:established,from_client; content:"GET"; http_method; content:"/4x.google|3f|t=76xeeijt"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"4q.gi0x.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693361/; classtype:trojan-activity;sid:84556461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693362)"; flow:established,from_client; content:"GET"; http_method; content:"/dw2cea7opm.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"g4zt.71o9.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693362/; classtype:trojan-activity;sid:84556462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693360)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.246.43.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693360/; classtype:trojan-activity;sid:84556460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693359)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.38.204.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693359/; classtype:trojan-activity;sid:84556459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693358)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.224.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693358/; classtype:trojan-activity;sid:84556458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693357)"; flow:established,from_client; content:"GET"; http_method; content:"/x3jm36oudn.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"w3d.33b2.online"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693357/; classtype:trojan-activity;sid:84556457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693356)"; flow:established,from_client; content:"GET"; http_method; content:"/jf5lky11"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"hzr.va4n.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693356/; classtype:trojan-activity;sid:84556456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693355)"; flow:established,from_client; content:"GET"; http_method; content:"/xmv.google|3f|t=9e50hybu"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"hzr.va4n.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693355/; classtype:trojan-activity;sid:84556455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693354)"; flow:established,from_client; content:"GET"; http_method; content:"/cjtd5bdali.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"n2v5m.71o9.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693354/; classtype:trojan-activity;sid:84556454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693353)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.86.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693353/; classtype:trojan-activity;sid:84556453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693352)"; flow:established,from_client; content:"GET"; http_method; content:"/a7tdss9p8b.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"w3d.33b2.online"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693352/; classtype:trojan-activity;sid:84556452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693351)"; flow:established,from_client; content:"GET"; http_method; content:"/cxphaz9w"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bs.zo4n.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693351/; classtype:trojan-activity;sid:84556451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693350)"; flow:established,from_client; content:"GET"; http_method; content:"/gfpk331y8g.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"n2v5m.71o9.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693350/; classtype:trojan-activity;sid:84556450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693349)"; flow:established,from_client; content:"GET"; http_method; content:"/go.check|3f|t=phhcdfgw"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"bs.zo4n.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693349/; classtype:trojan-activity;sid:84556449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693348)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.8.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693348/; classtype:trojan-activity;sid:84556448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693347)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.251.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693347/; classtype:trojan-activity;sid:84556447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693346)"; flow:established,from_client; content:"GET"; http_method; content:"/qdo.check|3f|t=y2ms7gjf"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"dr5.ve5l.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693346/; classtype:trojan-activity;sid:84556446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693345)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.2.91"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693345/; classtype:trojan-activity;sid:84556445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693344)"; flow:established,from_client; content:"GET"; http_method; content:"/3md9s7h1"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"sxw.lo2p.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693344/; classtype:trojan-activity;sid:84556444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693343)"; flow:established,from_client; content:"GET"; http_method; content:"/xsjvgtl7cd.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"h6p4t.1z57.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693343/; classtype:trojan-activity;sid:84556443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693342)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.201.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693342/; classtype:trojan-activity;sid:84556442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693341)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"23.92.130.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693341/; classtype:trojan-activity;sid:84556441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693339)"; flow:established,from_client; content:"GET"; http_method; content:"/ryh56a5bc4.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"k7q3.71o9.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693339/; classtype:trojan-activity;sid:84556439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693340)"; flow:established,from_client; content:"GET"; http_method; content:"/hv3.check|3f|t=mid5oh2r"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"sxw.lo2p.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693340/; classtype:trojan-activity;sid:84556440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693337)"; flow:established,from_client; content:"GET"; http_method; content:"/3syvqjx1"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"gz.je9t.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693337/; classtype:trojan-activity;sid:84556437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693338)"; flow:established,from_client; content:"GET"; http_method; content:"/lmvlqmuxbo.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"h6p4t.1z57.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693338/; classtype:trojan-activity;sid:84556438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693336)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.92.50.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693336/; classtype:trojan-activity;sid:84556436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693335)"; flow:established,from_client; content:"GET"; http_method; content:"/qlzx7i8p8y.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"u9ped.op76.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693335/; classtype:trojan-activity;sid:84556435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693334)"; flow:established,from_client; content:"GET"; http_method; content:"/q5z.google|3f|t=syagnao4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"gz.je9t.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693334/; classtype:trojan-activity;sid:84556434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693333)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.85.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693333/; classtype:trojan-activity;sid:84556433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693332)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.251.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693332/; classtype:trojan-activity;sid:84556432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693331)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.2.91"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693331/; classtype:trojan-activity;sid:84556431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693330)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"23.92.130.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693330/; classtype:trojan-activity;sid:84556430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693329)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.239.241.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693329/; classtype:trojan-activity;sid:84556429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693326)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.249.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693326/; classtype:trojan-activity;sid:84556426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693327)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.140.173.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693327/; classtype:trojan-activity;sid:84556427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693328)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.152.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693328/; classtype:trojan-activity;sid:84556428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693325)"; flow:established,from_client; content:"GET"; http_method; content:"/z30.google|3f|t=nxb71cmg"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"y7g.fi0m.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693325/; classtype:trojan-activity;sid:84556425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693324)"; flow:established,from_client; content:"GET"; http_method; content:"/1irhyg5025.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"j0xk.op76.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693324/; classtype:trojan-activity;sid:84556424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693321)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"194.31.222.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693321/; classtype:trojan-activity;sid:84556421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693322)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"194.31.222.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693322/; classtype:trojan-activity;sid:84556422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693323)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"194.31.222.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693323/; classtype:trojan-activity;sid:84556423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693320)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.198.133.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693320/; classtype:trojan-activity;sid:84556420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693306)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"91.92.241.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693306/; classtype:trojan-activity;sid:84556406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693307)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"91.92.241.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693307/; classtype:trojan-activity;sid:84556407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693308)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"91.92.241.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693308/; classtype:trojan-activity;sid:84556408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693309)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.92.241.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693309/; classtype:trojan-activity;sid:84556409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693310)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.92.241.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693310/; classtype:trojan-activity;sid:84556410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693311)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.92.241.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693311/; classtype:trojan-activity;sid:84556411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693312)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.92.241.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693312/; classtype:trojan-activity;sid:84556412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693313)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"91.92.241.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693313/; classtype:trojan-activity;sid:84556413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693314)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"91.92.241.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693314/; classtype:trojan-activity;sid:84556414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693315)"; flow:established,from_client; content:"GET"; http_method; content:"/dwrioej/neon.i468"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"37.49.148.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693315/; classtype:trojan-activity;sid:84556415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693316)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i468"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"157.250.202.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693316/; classtype:trojan-activity;sid:84556416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693317)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i686"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"157.250.202.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693317/; classtype:trojan-activity;sid:84556417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693318)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"157.250.202.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693318/; classtype:trojan-activity;sid:84556418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693319)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86_64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"157.250.202.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693319/; classtype:trojan-activity;sid:84556419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693305)"; flow:established,from_client; content:"GET"; http_method; content:"/apps.bin"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"gaz.headedshaky.digital"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693305/; classtype:trojan-activity;sid:84556405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693303)"; flow:established,from_client; content:"GET"; http_method; content:"/apps.bin"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"g5133a.glosscreate.digital"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693303/; classtype:trojan-activity;sid:84556403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693304)"; flow:established,from_client; content:"GET"; http_method; content:"/apps.bin"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"gas.cornedbath.digital"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693304/; classtype:trojan-activity;sid:84556404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693302)"; flow:established,from_client; content:"GET"; http_method; content:"/aplikasi/fullbet138.apk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"warkopshopfb138.cc"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693302/; classtype:trojan-activity;sid:84556402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693301)"; flow:established,from_client; content:"GET"; http_method; content:"/cgyy.wav"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"spaasturias.es"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693301/; classtype:trojan-activity;sid:84556401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693300)"; flow:established,from_client; content:"GET"; http_method; content:"/engelvoelkers.apk"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"pelis25.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693300/; classtype:trojan-activity;sid:84556400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693299)"; flow:established,from_client; content:"GET"; http_method; content:"/cd/0/get/c0x3hnbxahkuyaoigihwdw3br5r6zl3fhtyjwumcnugw11q52vae-0hxsvef9tgzn35r0nsi5vyjukwjthg2ud9jayhatvx1iya718qjgp7-tmxm15r_qg5cdtsifh7qehpptqyp7hiblrjizbiiyocl/file|3f|dl=1"; http_uri; depth:175; isdataat:!1,relative; nocase; content:"uc93a70a7b58d6bd35bb8007e3b9.dl.dropboxusercontent.com"; http_host; depth:54; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693299/; classtype:trojan-activity;sid:84556399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693297)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.163.118.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693297/; classtype:trojan-activity;sid:84556397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693298)"; flow:established,from_client; content:"GET"; http_method; content:"/trusted_gali_disawar.apk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"wapibotix.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693298/; classtype:trojan-activity;sid:84556398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693296)"; flow:established,from_client; content:"GET"; http_method; content:"/tiktok18.apk"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"tikitok-playgoolge.sbs"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693296/; classtype:trojan-activity;sid:84556396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693295)"; flow:established,from_client; content:"GET"; http_method; content:"/xjeelshz/build.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"162.0.225.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693295/; classtype:trojan-activity;sid:84556395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693293)"; flow:established,from_client; content:"GET"; http_method; content:"/8cz.google|3f|t=77lrwqqy"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"6r8.pe8d.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693293/; classtype:trojan-activity;sid:84556393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693294)"; flow:established,from_client; content:"GET"; http_method; content:"/bjx7al6eka.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"j0xk.op76.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693294/; classtype:trojan-activity;sid:84556394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693292)"; flow:established,from_client; content:"GET"; http_method; content:"/cmvvblf4ll.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"j0xk.op76.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693292/; classtype:trojan-activity;sid:84556392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693290)"; flow:established,from_client; content:"GET"; http_method; content:"/k3qxvsz57v.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"zq3.1z57.online"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693290/; classtype:trojan-activity;sid:84556390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693291)"; flow:established,from_client; content:"GET"; http_method; content:"/sn.google|3f|t=53shixtm"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"lc.ha5r.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693291/; classtype:trojan-activity;sid:84556391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693289)"; flow:established,from_client; content:"GET"; http_method; content:"/52z513o6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"lc.ha5r.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693289/; classtype:trojan-activity;sid:84556389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693288)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.203.134.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693288/; classtype:trojan-activity;sid:84556388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693287)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.241.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693287/; classtype:trojan-activity;sid:84556387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693286)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.127.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693286/; classtype:trojan-activity;sid:84556386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693285)"; flow:established,from_client; content:"GET"; http_method; content:"/gvc4yuxkep.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c8m2t.op76.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693285/; classtype:trojan-activity;sid:84556385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693284)"; flow:established,from_client; content:"GET"; http_method; content:"/888.google|3f|t=41yn5wmw"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"976.n6ri.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693284/; classtype:trojan-activity;sid:84556384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693283)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.201.135.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693283/; classtype:trojan-activity;sid:84556383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693282)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.34.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693282/; classtype:trojan-activity;sid:84556382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693281)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.167.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693281/; classtype:trojan-activity;sid:84556381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693279)"; flow:established,from_client; content:"GET"; http_method; content:"/hv.google|3f|t=amax3h3e"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"x64.x3le.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693279/; classtype:trojan-activity;sid:84556379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693280)"; flow:established,from_client; content:"GET"; http_method; content:"/ey6roxzgln.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c8m2t.op76.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693280/; classtype:trojan-activity;sid:84556380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693278)"; flow:established,from_client; content:"GET"; http_method; content:"/lhl3ms9y"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"x64.x3le.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693278/; classtype:trojan-activity;sid:84556378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693277)"; flow:established,from_client; content:"GET"; http_method; content:"/dm4dt9ztaz.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"f0x8.1z57.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693277/; classtype:trojan-activity;sid:84556377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693276)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.8.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693276/; classtype:trojan-activity;sid:84556376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693275)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8379447128/qlazvgb.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693275/; classtype:trojan-activity;sid:84556375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693274)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.13.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693274/; classtype:trojan-activity;sid:84556374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693272)"; flow:established,from_client; content:"GET"; http_method; content:"/i0b5yem8lw.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c8m2t.op76.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693272/; classtype:trojan-activity;sid:84556372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693273)"; flow:established,from_client; content:"GET"; http_method; content:"/0d.check|3f|t=7ix2crgm"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ck3.m2jo.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693273/; classtype:trojan-activity;sid:84556373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693271)"; flow:established,from_client; content:"GET"; http_method; content:"/lh4rx7ah6j.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"f0x8.1z57.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693271/; classtype:trojan-activity;sid:84556371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693270)"; flow:established,from_client; content:"GET"; http_method; content:"/4tnixbgh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ck3.m2jo.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693270/; classtype:trojan-activity;sid:84556370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693269)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.81.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693269/; classtype:trojan-activity;sid:84556369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693268)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.75.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693268/; classtype:trojan-activity;sid:84556368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693267)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.34.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693267/; classtype:trojan-activity;sid:84556367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693266)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.127.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693266/; classtype:trojan-activity;sid:84556366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693264)"; flow:established,from_client; content:"GET"; http_method; content:"/yhs.google|3f|t=17dza1qm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"wz.t1va.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693264/; classtype:trojan-activity;sid:84556364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693265)"; flow:established,from_client; content:"GET"; http_method; content:"/yporxvmpq4.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"y5rb.op76.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693265/; classtype:trojan-activity;sid:84556365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693263)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.13.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693263/; classtype:trojan-activity;sid:84556363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693262)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.201.135.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693262/; classtype:trojan-activity;sid:84556362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693261)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.167.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693261/; classtype:trojan-activity;sid:84556361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693260)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.75.122"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693260/; classtype:trojan-activity;sid:84556360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693259)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.8.214"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693259/; classtype:trojan-activity;sid:84556359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693258)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8072548658/yrxrybt.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693258/; classtype:trojan-activity;sid:84556358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693257)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.153.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693257/; classtype:trojan-activity;sid:84556357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693256)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.81.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693256/; classtype:trojan-activity;sid:84556356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693254)"; flow:established,from_client; content:"GET"; http_method; content:"/69h.check|3f|t=8aex6hau"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"fc.qo1s.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693254/; classtype:trojan-activity;sid:84556354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693255)"; flow:established,from_client; content:"GET"; http_method; content:"/5c3rmtyid5.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"y5rb.op76.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693255/; classtype:trojan-activity;sid:84556355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693253)"; flow:established,from_client; content:"GET"; http_method; content:"/ybl9da2x1m.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"c7b2.1z57.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693253/; classtype:trojan-activity;sid:84556353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693252)"; flow:established,from_client; content:"GET"; http_method; content:"/ftzy5h0n"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"fc.qo1s.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693252/; classtype:trojan-activity;sid:84556352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693250)"; flow:established,from_client; content:"GET"; http_method; content:"/29.google|3f|t=68wmfool"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"954.da6v.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693250/; classtype:trojan-activity;sid:84556350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693251)"; flow:established,from_client; content:"GET"; http_method; content:"/empqmfhasw.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"y5rb.op76.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693251/; classtype:trojan-activity;sid:84556351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693249)"; flow:established,from_client; content:"GET"; http_method; content:"/wlisl6gzh5.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"c7b2.1z57.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693249/; classtype:trojan-activity;sid:84556349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693248)"; flow:established,from_client; content:"GET"; http_method; content:"/gnfrke04"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"954.da6v.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693248/; classtype:trojan-activity;sid:84556348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693247)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.190.69.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693247/; classtype:trojan-activity;sid:84556347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693246)"; flow:established,from_client; content:"GET"; http_method; content:"/16.check|3f|t=8iuobdn9"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"lr.yq2r.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693246/; classtype:trojan-activity;sid:84556346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693245)"; flow:established,from_client; content:"GET"; http_method; content:"/btp6juc536.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"q2hzn.op76.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693245/; classtype:trojan-activity;sid:84556345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693244)"; flow:established,from_client; content:"GET"; http_method; content:"/jka2m50z"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"lr.yq2r.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693244/; classtype:trojan-activity;sid:84556344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693243)"; flow:established,from_client; content:"GET"; http_method; content:"/h46b2r1imn.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"c7b2.1z57.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693243/; classtype:trojan-activity;sid:84556343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693242)"; flow:established,from_client; content:"GET"; http_method; content:"/lv.google|3f|t=b47swwga"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ch.bo8y.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693242/; classtype:trojan-activity;sid:84556342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693241)"; flow:established,from_client; content:"GET"; http_method; content:"/kthb5hhvqr.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"q2hzn.op76.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693241/; classtype:trojan-activity;sid:84556341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693240)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.181.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693240/; classtype:trojan-activity;sid:84556340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693239)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.54.10.30"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693239/; classtype:trojan-activity;sid:84556339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693238)"; flow:established,from_client; content:"GET"; http_method; content:"/puoubwzw6l.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"c7b2.1z57.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693238/; classtype:trojan-activity;sid:84556338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693237)"; flow:established,from_client; content:"GET"; http_method; content:"/7t4z34n5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ch.bo8y.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693237/; classtype:trojan-activity;sid:84556337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693236)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.97.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693236/; classtype:trojan-activity;sid:84556336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693235)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.120.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693235/; classtype:trojan-activity;sid:84556335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693234)"; flow:established,from_client; content:"GET"; http_method; content:"/by.check|3f|t=7smh97ju"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"18.mi9q.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693234/; classtype:trojan-activity;sid:84556334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693233)"; flow:established,from_client; content:"GET"; http_method; content:"/d9yotyu67d.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"q2hzn.op76.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693233/; classtype:trojan-activity;sid:84556333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693232)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.190.69.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693232/; classtype:trojan-activity;sid:84556332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693231)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.31.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693231/; classtype:trojan-activity;sid:84556331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693230)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.39.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693230/; classtype:trojan-activity;sid:84556330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693229)"; flow:established,from_client; content:"GET"; http_method; content:"/ixffu03qzb.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"q2hzn.op76.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693229/; classtype:trojan-activity;sid:84556329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693228)"; flow:established,from_client; content:"GET"; http_method; content:"/5mf.check|3f|t=ooqaf3v2"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"vvx.re7x.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693228/; classtype:trojan-activity;sid:84556328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693227)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.54.71.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693227/; classtype:trojan-activity;sid:84556327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693226)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.31.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693226/; classtype:trojan-activity;sid:84556326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693225)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.2.57.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693225/; classtype:trojan-activity;sid:84556325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693224)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.219.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693224/; classtype:trojan-activity;sid:84556324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693223)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.97.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693223/; classtype:trojan-activity;sid:84556323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693222)"; flow:established,from_client; content:"GET"; http_method; content:"/0b.check|3f|t=mmbtfvkw"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ia.gi0x.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693222/; classtype:trojan-activity;sid:84556322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693221)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.54.10.30"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693221/; classtype:trojan-activity;sid:84556321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693220)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693220/; classtype:trojan-activity;sid:84556320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693219)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.8.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693219/; classtype:trojan-activity;sid:84556319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693218)"; flow:established,from_client; content:"GET"; http_method; content:"/software.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693218/; classtype:trojan-activity;sid:84556318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693217)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.39.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693217/; classtype:trojan-activity;sid:84556317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693216)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.25.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693216/; classtype:trojan-activity;sid:84556316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693215)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.2.57.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693215/; classtype:trojan-activity;sid:84556315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693214)"; flow:established,from_client; content:"GET"; http_method; content:"/files/ale/random.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693214/; classtype:trojan-activity;sid:84556314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693213)"; flow:established,from_client; content:"GET"; http_method; content:"/y9osh88hk7.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"k0wz.u-v-9.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693213/; classtype:trojan-activity;sid:84556313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693212)"; flow:established,from_client; content:"GET"; http_method; content:"/nyn476an"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"evo.va4n.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693212/; classtype:trojan-activity;sid:84556312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693211)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.201.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693211/; classtype:trojan-activity;sid:84556311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693210)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.85.83.173"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693210/; classtype:trojan-activity;sid:84556310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693209)"; flow:established,from_client; content:"GET"; http_method; content:"/hoqgy9wpbg.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"k0wz.u-v-9.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693209/; classtype:trojan-activity;sid:84556309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693208)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.56.173"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693208/; classtype:trojan-activity;sid:84556308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693207)"; flow:established,from_client; content:"GET"; http_method; content:"/21qbrfk4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"4i.zo4n.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693207/; classtype:trojan-activity;sid:84556307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693206)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.25.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693206/; classtype:trojan-activity;sid:84556306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693205)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693205/; classtype:trojan-activity;sid:84556305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693204)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.147.228.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693204/; classtype:trojan-activity;sid:84556304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693203)"; flow:established,from_client; content:"GET"; http_method; content:"/pxuori5b01.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"y1r5.u-v-9.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693203/; classtype:trojan-activity;sid:84556303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693202)"; flow:established,from_client; content:"GET"; http_method; content:"/lek4swab"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5vt.lo2p.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693202/; classtype:trojan-activity;sid:84556302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693201)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"138.204.196.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693201/; classtype:trojan-activity;sid:84556301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693200)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693200/; classtype:trojan-activity;sid:84556300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693199)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.216.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693199/; classtype:trojan-activity;sid:84556299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693198)"; flow:established,from_client; content:"GET"; http_method; content:"/122.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.100.157.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693198/; classtype:trojan-activity;sid:84556298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693196)"; flow:established,from_client; content:"GET"; http_method; content:"/n3y.google|3f|t=6euzlotx"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"bcq.je9t.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693196/; classtype:trojan-activity;sid:84556296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693197)"; flow:established,from_client; content:"GET"; http_method; content:"/izr0ibg3n6.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t7pqm.77-6.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693197/; classtype:trojan-activity;sid:84556297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693195)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.209.121.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693195/; classtype:trojan-activity;sid:84556295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693194)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.86.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693194/; classtype:trojan-activity;sid:84556294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693193)"; flow:established,from_client; content:"GET"; http_method; content:"/ahsd8nuaz2.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"t7pqm.77-6.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693193/; classtype:trojan-activity;sid:84556293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693192)"; flow:established,from_client; content:"GET"; http_method; content:"/l6.google|3f|t=c0m5t8b2"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"5d.fi0m.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693192/; classtype:trojan-activity;sid:84556292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693191)"; flow:established,from_client; content:"GET"; http_method; content:"/f86y1p3e"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5d.fi0m.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693191/; classtype:trojan-activity;sid:84556291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693190)"; flow:established,from_client; content:"GET"; http_method; content:"/iptrph7pwg.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"qz8hd.mjg-1.online"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693190/; classtype:trojan-activity;sid:84556290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693189)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693189/; classtype:trojan-activity;sid:84556289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693188)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.192.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693188/; classtype:trojan-activity;sid:84556288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693185)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.16.53.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693185/; classtype:trojan-activity;sid:84556285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693186)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.16.53.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693186/; classtype:trojan-activity;sid:84556286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693187)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"178.16.53.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693187/; classtype:trojan-activity;sid:84556287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693184)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.29.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693184/; classtype:trojan-activity;sid:84556284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693183)"; flow:established,from_client; content:"GET"; http_method; content:"/5n7acsetdu.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"a3k9.77-6.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693183/; classtype:trojan-activity;sid:84556283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693182)"; flow:established,from_client; content:"GET"; http_method; content:"/beu.check|3f|t=acqih7q8"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"nq.pe8d.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693182/; classtype:trojan-activity;sid:84556282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693181)"; flow:established,from_client; content:"GET"; http_method; content:"/ew9r3r2qb4.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"p9a.mjg-1.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693181/; classtype:trojan-activity;sid:84556281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693180)"; flow:established,from_client; content:"GET"; http_method; content:"/9t6v6tfk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"nq.pe8d.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693180/; classtype:trojan-activity;sid:84556280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693179)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.227.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693179/; classtype:trojan-activity;sid:84556279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693178)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.238.96.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693178/; classtype:trojan-activity;sid:84556278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693175)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693175/; classtype:trojan-activity;sid:84556275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693176)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"1saadqdwdqd.camdvr.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693176/; classtype:trojan-activity;sid:84556276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693177)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.219.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693177/; classtype:trojan-activity;sid:84556277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693174)"; flow:established,from_client; content:"GET"; http_method; content:"/pk8jmpuhwl.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"d2xm.mjg-1.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693174/; classtype:trojan-activity;sid:84556274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693172)"; flow:established,from_client; content:"GET"; http_method; content:"/4m.google|3f|t=0hpjcj6j"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"j0e.n6ri.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693172/; classtype:trojan-activity;sid:84556272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693173)"; flow:established,from_client; content:"GET"; http_method; content:"/sbrpzgyx"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"67.ha5r.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693173/; classtype:trojan-activity;sid:84556273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693171)"; flow:established,from_client; content:"GET"; http_method; content:"/1j0nayzzal.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"y9bm.5-sy77.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693171/; classtype:trojan-activity;sid:84556271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693169)"; flow:established,from_client; content:"GET"; http_method; content:"/i7b50lquzn.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"v7k3q.mjg-1.online"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693169/; classtype:trojan-activity;sid:84556269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693170)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"1saadqdwdqd.camdvr.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693170/; classtype:trojan-activity;sid:84556270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693160)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"1saadqdwdqd.camdvr.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693160/; classtype:trojan-activity;sid:84556260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693161)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"ewwfwedd.ooguy.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693161/; classtype:trojan-activity;sid:84556261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693162)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"ewwfwedd.ooguy.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693162/; classtype:trojan-activity;sid:84556262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693163)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ewwfwedd.ooguy.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693163/; classtype:trojan-activity;sid:84556263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693164)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"1saadqdwdqd.camdvr.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693164/; classtype:trojan-activity;sid:84556264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693165)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/debug"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"ewwfwedd.ooguy.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693165/; classtype:trojan-activity;sid:84556265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693166)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"ewwfwedd.ooguy.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693166/; classtype:trojan-activity;sid:84556266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693167)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"1saadqdwdqd.camdvr.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693167/; classtype:trojan-activity;sid:84556267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693168)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"www.ewwfwedd.ooguy.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693168/; classtype:trojan-activity;sid:84556268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693153)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.96.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693153/; classtype:trojan-activity;sid:84556253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693154)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"ewwfwedd.ooguy.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693154/; classtype:trojan-activity;sid:84556254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693155)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.27.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693155/; classtype:trojan-activity;sid:84556255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693156)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693156/; classtype:trojan-activity;sid:84556256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693157)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"www.sdsksdkldsd.accesscam.org"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693157/; classtype:trojan-activity;sid:84556257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693158)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"ewwfwedd.ooguy.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693158/; classtype:trojan-activity;sid:84556258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693159)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.219.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693159/; classtype:trojan-activity;sid:84556259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693138)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.91.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693138/; classtype:trojan-activity;sid:84556238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693139)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"ewwfwedd.ooguy.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693139/; classtype:trojan-activity;sid:84556239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693140)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"1saadqdwdqd.camdvr.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693140/; classtype:trojan-activity;sid:84556240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693141)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/debug"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"1saadqdwdqd.camdvr.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693141/; classtype:trojan-activity;sid:84556241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693142)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"ewwfwedd.ooguy.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693142/; classtype:trojan-activity;sid:84556242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693143)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"ewwfwedd.ooguy.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693143/; classtype:trojan-activity;sid:84556243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693144)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"1saadqdwdqd.camdvr.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693144/; classtype:trojan-activity;sid:84556244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693145)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"ewwfwedd.ooguy.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693145/; classtype:trojan-activity;sid:84556245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693146)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"ewwfwedd.ooguy.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693146/; classtype:trojan-activity;sid:84556246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693147)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"sdsksdkldsd.accesscam.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693147/; classtype:trojan-activity;sid:84556247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693148)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"ewwfwedd.ooguy.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693148/; classtype:trojan-activity;sid:84556248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693149)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"ewwfwedd.ooguy.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693149/; classtype:trojan-activity;sid:84556249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693150)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"ewwfwedd.ooguy.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693150/; classtype:trojan-activity;sid:84556250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693151)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"1saadqdwdqd.camdvr.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693151/; classtype:trojan-activity;sid:84556251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693152)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"1saadqdwdqd.camdvr.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693152/; classtype:trojan-activity;sid:84556252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693137)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"1saadqdwdqd.camdvr.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693137/; classtype:trojan-activity;sid:84556237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693136)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"www.1saadqdwdqd.camdvr.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693136/; classtype:trojan-activity;sid:84556236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693135)"; flow:established,from_client; content:"GET"; http_method; content:"/2e1n1z6h"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"j0e.n6ri.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693135/; classtype:trojan-activity;sid:84556235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693134)"; flow:established,from_client; content:"GET"; http_method; content:"/or.google|3f|t=4b51a2b5"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"i2.x3le.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693134/; classtype:trojan-activity;sid:84556234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693128)"; flow:established,from_client; content:"GET"; http_method; content:"/q7d55g9zi5.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"a3vnt.5-sy77.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693128/; classtype:trojan-activity;sid:84556228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693129)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"1saadqdwdqd.camdvr.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693129/; classtype:trojan-activity;sid:84556229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693130)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"1saadqdwdqd.camdvr.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693130/; classtype:trojan-activity;sid:84556230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693131)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"1saadqdwdqd.camdvr.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693131/; classtype:trojan-activity;sid:84556231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693132)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"asdkdakd.kozow.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693132/; classtype:trojan-activity;sid:84556232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693133)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"1saadqdwdqd.camdvr.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693133/; classtype:trojan-activity;sid:84556233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693117)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"asdkdakd.kozow.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693117/; classtype:trojan-activity;sid:84556217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693118)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/debug"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"adsdadadad.ddnsgeek.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693118/; classtype:trojan-activity;sid:84556218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693119)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"adsdadadad.ddnsgeek.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693119/; classtype:trojan-activity;sid:84556219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693120)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"www.1saadqdwdqd.camdvr.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693120/; classtype:trojan-activity;sid:84556220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693121)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"www.1saadqdwdqd.camdvr.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693121/; classtype:trojan-activity;sid:84556221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693122)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"www.ewwfwedd.ooguy.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693122/; classtype:trojan-activity;sid:84556222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693123)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"sdsksdkldsd.accesscam.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693123/; classtype:trojan-activity;sid:84556223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693124)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"sdsksdkldsd.accesscam.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693124/; classtype:trojan-activity;sid:84556224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693125)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"www.sdsksdkldsd.accesscam.org"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693125/; classtype:trojan-activity;sid:84556225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693126)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"asdkdakd.kozow.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693126/; classtype:trojan-activity;sid:84556226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693127)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"asdkdakd.kozow.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693127/; classtype:trojan-activity;sid:84556227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693114)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"adsdadadad.ddnsgeek.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693114/; classtype:trojan-activity;sid:84556214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693115)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"www.1saadqdwdqd.camdvr.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693115/; classtype:trojan-activity;sid:84556215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693116)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"adsdadadad.ddnsgeek.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693116/; classtype:trojan-activity;sid:84556216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693113)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"www.sdsksdkldsd.accesscam.org"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693113/; classtype:trojan-activity;sid:84556213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693112)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"www.sdsksdkldsd.accesscam.org"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693112/; classtype:trojan-activity;sid:84556212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693095)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/debug"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"sdsksdkldsd.accesscam.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693095/; classtype:trojan-activity;sid:84556195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693096)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"asdkdakd.kozow.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693096/; classtype:trojan-activity;sid:84556196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693097)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"asdkdakd.kozow.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693097/; classtype:trojan-activity;sid:84556197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693098)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"www.sdsksdkldsd.accesscam.org"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693098/; classtype:trojan-activity;sid:84556198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693099)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"sdsksdkldsd.accesscam.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693099/; classtype:trojan-activity;sid:84556199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693100)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"sdsksdkldsd.accesscam.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693100/; classtype:trojan-activity;sid:84556200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693101)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/debug"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"asdkdakd.kozow.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693101/; classtype:trojan-activity;sid:84556201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693102)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"www.sdsksdkldsd.accesscam.org"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693102/; classtype:trojan-activity;sid:84556202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693103)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"asdkdakd.kozow.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693103/; classtype:trojan-activity;sid:84556203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693104)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"www.sdsksdkldsd.accesscam.org"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693104/; classtype:trojan-activity;sid:84556204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693105)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"sdsksdkldsd.accesscam.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693105/; classtype:trojan-activity;sid:84556205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693106)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"www.sdsksdkldsd.accesscam.org"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693106/; classtype:trojan-activity;sid:84556206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693107)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"www.sdsksdkldsd.accesscam.org"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693107/; classtype:trojan-activity;sid:84556207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693108)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"www.ewwfwedd.ooguy.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693108/; classtype:trojan-activity;sid:84556208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693109)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"www.1saadqdwdqd.camdvr.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693109/; classtype:trojan-activity;sid:84556209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693110)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"www.sdsksdkldsd.accesscam.org"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693110/; classtype:trojan-activity;sid:84556210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693111)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"sdsksdkldsd.accesscam.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693111/; classtype:trojan-activity;sid:84556211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693085)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"www.sdsksdkldsd.accesscam.org"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693085/; classtype:trojan-activity;sid:84556185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693086)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"www.ewwfwedd.ooguy.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693086/; classtype:trojan-activity;sid:84556186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693087)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"www.1saadqdwdqd.camdvr.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693087/; classtype:trojan-activity;sid:84556187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693088)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"sdsksdkldsd.accesscam.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693088/; classtype:trojan-activity;sid:84556188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693089)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"www.1saadqdwdqd.camdvr.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693089/; classtype:trojan-activity;sid:84556189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693090)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"www.sdsksdkldsd.accesscam.org"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693090/; classtype:trojan-activity;sid:84556190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693091)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"adsdadadad.ddnsgeek.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693091/; classtype:trojan-activity;sid:84556191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693092)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"sdsksdkldsd.accesscam.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693092/; classtype:trojan-activity;sid:84556192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693093)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"sdsksdkldsd.accesscam.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693093/; classtype:trojan-activity;sid:84556193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693094)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/debug"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"www.sdsksdkldsd.accesscam.org"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693094/; classtype:trojan-activity;sid:84556194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693069)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"adsdadadad.ddnsgeek.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693069/; classtype:trojan-activity;sid:84556169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693070)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"www.ewwfwedd.ooguy.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693070/; classtype:trojan-activity;sid:84556170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693071)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"asdkdakd.kozow.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693071/; classtype:trojan-activity;sid:84556171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693072)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/debug"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"www.ewwfwedd.ooguy.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693072/; classtype:trojan-activity;sid:84556172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693073)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"adsdadadad.ddnsgeek.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693073/; classtype:trojan-activity;sid:84556173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693074)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"adsdadadad.ddnsgeek.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693074/; classtype:trojan-activity;sid:84556174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693075)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"www.1saadqdwdqd.camdvr.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693075/; classtype:trojan-activity;sid:84556175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693076)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"www.ewwfwedd.ooguy.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693076/; classtype:trojan-activity;sid:84556176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693077)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"adsdadadad.ddnsgeek.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693077/; classtype:trojan-activity;sid:84556177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693078)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"www.ewwfwedd.ooguy.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693078/; classtype:trojan-activity;sid:84556178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693079)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"www.sdsksdkldsd.accesscam.org"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693079/; classtype:trojan-activity;sid:84556179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693080)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"www.1saadqdwdqd.camdvr.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693080/; classtype:trojan-activity;sid:84556180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693081)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"www.ewwfwedd.ooguy.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693081/; classtype:trojan-activity;sid:84556181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693082)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"www.ewwfwedd.ooguy.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693082/; classtype:trojan-activity;sid:84556182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693083)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"www.ewwfwedd.ooguy.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693083/; classtype:trojan-activity;sid:84556183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693084)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.i686"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"sdsksdkldsd.accesscam.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693084/; classtype:trojan-activity;sid:84556184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693068)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"www.1saadqdwdqd.camdvr.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693068/; classtype:trojan-activity;sid:84556168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693067)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"www.ewwfwedd.ooguy.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693067/; classtype:trojan-activity;sid:84556167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693063)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"asdkdakd.kozow.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693063/; classtype:trojan-activity;sid:84556163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693064)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"adsdadadad.ddnsgeek.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693064/; classtype:trojan-activity;sid:84556164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693065)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"asdkdakd.kozow.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693065/; classtype:trojan-activity;sid:84556165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693066)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"asdkdakd.kozow.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693066/; classtype:trojan-activity;sid:84556166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693058)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mips"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"www.1saadqdwdqd.camdvr.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693058/; classtype:trojan-activity;sid:84556158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693059)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"adsdadadad.ddnsgeek.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693059/; classtype:trojan-activity;sid:84556159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693060)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"www.ewwfwedd.ooguy.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693060/; classtype:trojan-activity;sid:84556160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693061)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"sdsksdkldsd.accesscam.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693061/; classtype:trojan-activity;sid:84556161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693062)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm6"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"adsdadadad.ddnsgeek.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693062/; classtype:trojan-activity;sid:84556162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693056)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm5"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"asdkdakd.kozow.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693056/; classtype:trojan-activity;sid:84556156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693057)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm7"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"www.ewwfwedd.ooguy.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693057/; classtype:trojan-activity;sid:84556157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693051)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86_64"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"www.1saadqdwdqd.camdvr.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693051/; classtype:trojan-activity;sid:84556151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693052)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"asdkdakd.kozow.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693052/; classtype:trojan-activity;sid:84556152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693053)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"adsdadadad.ddnsgeek.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693053/; classtype:trojan-activity;sid:84556153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693054)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.sh4"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"www.sdsksdkldsd.accesscam.org"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693054/; classtype:trojan-activity;sid:84556154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693055)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"www.1saadqdwdqd.camdvr.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693055/; classtype:trojan-activity;sid:84556155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693047)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.m68k"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"adsdadadad.ddnsgeek.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693047/; classtype:trojan-activity;sid:84556147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693048)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"asdkdakd.kozow.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693048/; classtype:trojan-activity;sid:84556148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693049)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mpsl"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"sdsksdkldsd.accesscam.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693049/; classtype:trojan-activity;sid:84556149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693050)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/debug"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"www.1saadqdwdqd.camdvr.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693050/; classtype:trojan-activity;sid:84556150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693045)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arc"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"www.ewwfwedd.ooguy.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693045/; classtype:trojan-activity;sid:84556145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693046)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.ppc"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"www.1saadqdwdqd.camdvr.org"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693046/; classtype:trojan-activity;sid:84556146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693044)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.19.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693044/; classtype:trojan-activity;sid:84556144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693042)"; flow:established,from_client; content:"GET"; http_method; content:"/3k.check|3f|t=9g2iw6v4"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"0y.m2jo.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693042/; classtype:trojan-activity;sid:84556142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693043)"; flow:established,from_client; content:"GET"; http_method; content:"/b5vajs4awz.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"a3vnt.5-sy77.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693043/; classtype:trojan-activity;sid:84556143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693039)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.arm6"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"m29810.contaboserver.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693039/; classtype:trojan-activity;sid:84556139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693040)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.x86"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"m29810.contaboserver.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693040/; classtype:trojan-activity;sid:84556140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693041)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.arm"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"m29810.contaboserver.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693041/; classtype:trojan-activity;sid:84556141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693037)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.arm7"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"m29810.contaboserver.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693037/; classtype:trojan-activity;sid:84556137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693038)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.sh4"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"m29810.contaboserver.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693038/; classtype:trojan-activity;sid:84556138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693036)"; flow:established,from_client; content:"GET"; http_method; content:"/eean9poy3e.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"rk8.64198.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693036/; classtype:trojan-activity;sid:84556136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693035)"; flow:established,from_client; content:"GET"; http_method; content:"/4unmfaru"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"0y.m2jo.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693035/; classtype:trojan-activity;sid:84556135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693034)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.i686"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"m29810.contaboserver.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693034/; classtype:trojan-activity;sid:84556134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693028)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.ppc"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"m29810.contaboserver.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693028/; classtype:trojan-activity;sid:84556128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693029)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.x86_64"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"m29810.contaboserver.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693029/; classtype:trojan-activity;sid:84556129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693030)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.arc"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"m29810.contaboserver.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693030/; classtype:trojan-activity;sid:84556130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693031)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.mpsl"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"m29810.contaboserver.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693031/; classtype:trojan-activity;sid:84556131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693032)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/1.sh"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"m29810.contaboserver.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693032/; classtype:trojan-activity;sid:84556132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693033)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.arm5"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"m29810.contaboserver.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693033/; classtype:trojan-activity;sid:84556133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693025)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.m68k"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"m29810.contaboserver.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693025/; classtype:trojan-activity;sid:84556125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693026)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.mips"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"m29810.contaboserver.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693026/; classtype:trojan-activity;sid:84556126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693027)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/debug"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"m29810.contaboserver.net"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693027/; classtype:trojan-activity;sid:84556127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693024)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.5.240"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693024/; classtype:trojan-activity;sid:84556124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693023)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.132.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693023/; classtype:trojan-activity;sid:84556123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693020)"; flow:established,from_client; content:"GET"; http_method; content:"/144/sdf0xc9v0sd0fff0sd09d/ojo090iui0ewr0d0dfsd9f032iue0rt0ter0dfg0fdg0ert9eterfdg90dfgw9e0r.doc"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"192.3.136.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693020/; classtype:trojan-activity;sid:84556120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693021)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.100.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693021/; classtype:trojan-activity;sid:84556121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693022)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.44.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693022/; classtype:trojan-activity;sid:84556122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693018)"; flow:established,from_client; content:"GET"; http_method; content:"/144/ojo090iui0ewr0d0dfsd9f032iue0rt0ter0dfg0fdg0ert9eterfdg90dfgw9e0r.vbe"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"192.3.136.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693018/; classtype:trojan-activity;sid:84556118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693019)"; flow:established,from_client; content:"GET"; http_method; content:"/144/ojo090iui0ewr0d0dfsd9f032iue0rt0ter0dfg0fdg0ert9eterfdg90dfgw9e0r.vbe"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"192.3.136.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693019/; classtype:trojan-activity;sid:84556119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693017)"; flow:established,from_client; content:"GET"; http_method; content:"/144/sdf0xc9v0sd0fff0sd09d/ojo090iui0ewr0d0dfsd9f032iue0rt0ter0dfg0fdg0ert9eterfdg90dfgw9e0r.doc"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"192.3.136.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693017/; classtype:trojan-activity;sid:84556117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693016)"; flow:established,from_client; content:"GET"; http_method; content:"/download/setup.pdf"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"any-deskt.net"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693016/; classtype:trojan-activity;sid:84556116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693015)"; flow:established,from_client; content:"GET"; http_method; content:"/download/setup.pdf"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"78.153.155.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693015/; classtype:trojan-activity;sid:84556115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693014)"; flow:established,from_client; content:"GET"; http_method; content:"/4g816icbnj.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"h2v.64198.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693014/; classtype:trojan-activity;sid:84556114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693013)"; flow:established,from_client; content:"GET"; http_method; content:"/gavojmkl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5e.t1va.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693013/; classtype:trojan-activity;sid:84556113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693004)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/ppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.56.27.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693004/; classtype:trojan-activity;sid:84556104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693005)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/mpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"31.56.27.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693005/; classtype:trojan-activity;sid:84556105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693006)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/armv4l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"31.56.27.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693006/; classtype:trojan-activity;sid:84556106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693007)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/sh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.56.27.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693007/; classtype:trojan-activity;sid:84556107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693008)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/armv6l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"31.56.27.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693008/; classtype:trojan-activity;sid:84556108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693009)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/armv5l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"31.56.27.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693009/; classtype:trojan-activity;sid:84556109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693010)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/spc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.56.27.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693010/; classtype:trojan-activity;sid:84556110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693011)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/m68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"31.56.27.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693011/; classtype:trojan-activity;sid:84556111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693012)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/x86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.56.27.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693012/; classtype:trojan-activity;sid:84556112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693003)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.27.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693003/; classtype:trojan-activity;sid:84556103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693002)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.19.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693002/; classtype:trojan-activity;sid:84556102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693001)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.177.239.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693001/; classtype:trojan-activity;sid:84556101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3693000)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.239.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3693000/; classtype:trojan-activity;sid:84556100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692998)"; flow:established,from_client; content:"GET"; http_method; content:"/ls.check|3f|t=6nfd0psg"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"5e.t1va.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692998/; classtype:trojan-activity;sid:84556098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692999)"; flow:established,from_client; content:"GET"; http_method; content:"/bzab76mw09.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pzk6.5-sy77.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692999/; classtype:trojan-activity;sid:84556099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692996)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.38.195.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692996/; classtype:trojan-activity;sid:84556096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692997)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.5.240"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692997/; classtype:trojan-activity;sid:84556097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692994)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/documents/av.scr"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"116.89.77.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692994/; classtype:trojan-activity;sid:84556094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692995)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/av.scr"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"151.16.54.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692995/; classtype:trojan-activity;sid:84556095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692993)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/video.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"151.16.54.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692993/; classtype:trojan-activity;sid:84556093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692992)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/massimo/video.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"151.16.54.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692992/; classtype:trojan-activity;sid:84556092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692987)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/video.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"116.89.77.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692987/; classtype:trojan-activity;sid:84556087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692988)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/av.scr"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"116.89.77.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692988/; classtype:trojan-activity;sid:84556088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692989)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/documents/video.scr"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"116.89.77.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692989/; classtype:trojan-activity;sid:84556089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692990)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/photo.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"116.89.77.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692990/; classtype:trojan-activity;sid:84556090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692991)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/documents/photo.scr"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"116.89.77.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692991/; classtype:trojan-activity;sid:84556091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692984)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/massimo/av.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"151.16.54.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692984/; classtype:trojan-activity;sid:84556084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692985)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/massimo/photo.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"151.16.54.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692985/; classtype:trojan-activity;sid:84556085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692986)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/photo.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"151.16.54.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692986/; classtype:trojan-activity;sid:84556086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692983)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/video.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"116.89.77.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692983/; classtype:trojan-activity;sid:84556083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692976)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/video.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"151.16.54.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692976/; classtype:trojan-activity;sid:84556076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692977)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/photo.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"116.89.77.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692977/; classtype:trojan-activity;sid:84556077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692978)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/documents/photo.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"116.89.77.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692978/; classtype:trojan-activity;sid:84556078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692979)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/documents/video.lnk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"116.89.77.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692979/; classtype:trojan-activity;sid:84556079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692980)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/photo.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"151.16.54.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692980/; classtype:trojan-activity;sid:84556080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692981)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/documents/av.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"116.89.77.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692981/; classtype:trojan-activity;sid:84556081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692982)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/av.lnk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"116.89.77.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692982/; classtype:trojan-activity;sid:84556082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692972)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/massimo/photo.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"151.16.54.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692972/; classtype:trojan-activity;sid:84556072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692973)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/massimo/av.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"151.16.54.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692973/; classtype:trojan-activity;sid:84556073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692974)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/av.lnk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"151.16.54.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692974/; classtype:trojan-activity;sid:84556074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692975)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/massimo/video.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"151.16.54.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692975/; classtype:trojan-activity;sid:84556075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692968)"; flow:established,from_client; content:"GET"; http_method; content:"/rsg799rh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"o3n.zo8k.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692968/; classtype:trojan-activity;sid:84556068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692969)"; flow:established,from_client; content:"GET"; http_method; content:"/els3gjdxhr.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pzk6.5-sy77.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692969/; classtype:trojan-activity;sid:84556069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692970)"; flow:established,from_client; content:"GET"; http_method; content:"/8q1fy5ohaa.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"x.64198.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692970/; classtype:trojan-activity;sid:84556070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692971)"; flow:established,from_client; content:"GET"; http_method; content:"/ku.check|3f|t=q5f2co20"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"o3n.zo8k.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692971/; classtype:trojan-activity;sid:84556071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692967)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.91.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692967/; classtype:trojan-activity;sid:84556067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692965)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.47.190.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692965/; classtype:trojan-activity;sid:84556065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692966)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.85.83.173"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692966/; classtype:trojan-activity;sid:84556066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692964)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.100.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692964/; classtype:trojan-activity;sid:84556064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692963)"; flow:established,from_client; content:"GET"; http_method; content:"/twvvywxol7.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"y0q9.64198.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692963/; classtype:trojan-activity;sid:84556063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692962)"; flow:established,from_client; content:"GET"; http_method; content:"/73gpghi1"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"aa.da6v.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692962/; classtype:trojan-activity;sid:84556062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692960)"; flow:established,from_client; content:"GET"; http_method; content:"/ike.google|3f|t=w72huydp"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"aa.da6v.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692960/; classtype:trojan-activity;sid:84556060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692961)"; flow:established,from_client; content:"GET"; http_method; content:"/itd9q5z8vu.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"u1rg3.5-sy77.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692961/; classtype:trojan-activity;sid:84556061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692959)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.57.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692959/; classtype:trojan-activity;sid:84556059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692958)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.38.195.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692958/; classtype:trojan-activity;sid:84556058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692957)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.202.22.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692957/; classtype:trojan-activity;sid:84556057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692956)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.47.190.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692956/; classtype:trojan-activity;sid:84556056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692955)"; flow:established,from_client; content:"GET"; http_method; content:"/tx7vb8mba4.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"u1rg3.5-sy77.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692955/; classtype:trojan-activity;sid:84556055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692954)"; flow:established,from_client; content:"GET"; http_method; content:"/r6.google|3f|t=upbzzby5"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ay.yq2r.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692954/; classtype:trojan-activity;sid:84556054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692953)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.242.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692953/; classtype:trojan-activity;sid:84556053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692952)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.85.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692952/; classtype:trojan-activity;sid:84556052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692951)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.190.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692951/; classtype:trojan-activity;sid:84556051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692950)"; flow:established,from_client; content:"GET"; http_method; content:"/saz43svgr4.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"r9q.f42u6.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692950/; classtype:trojan-activity;sid:84556050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692943)"; flow:established,from_client; content:"GET"; http_method; content:"/dwrioej/neon.ppc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"37.49.148.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692943/; classtype:trojan-activity;sid:84556043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692944)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.225.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692944/; classtype:trojan-activity;sid:84556044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692945)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.57.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692945/; classtype:trojan-activity;sid:84556045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692946)"; flow:established,from_client; content:"GET"; http_method; content:"/dwrioej/neon.ppc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"joker.proxywall.p-e.kr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692946/; classtype:trojan-activity;sid:84556046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692947)"; flow:established,from_client; content:"GET"; http_method; content:"/dwrioej/debug"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"37.49.148.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692947/; classtype:trojan-activity;sid:84556047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692948)"; flow:established,from_client; content:"GET"; http_method; content:"/dwrioej/debug"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"joker.proxywall.p-e.kr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692948/; classtype:trojan-activity;sid:84556048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692949)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.91.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692949/; classtype:trojan-activity;sid:84556049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692933)"; flow:established,from_client; content:"GET"; http_method; content:"/dwrioej/neon.arm5"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"37.49.148.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692933/; classtype:trojan-activity;sid:84556033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692934)"; flow:established,from_client; content:"GET"; http_method; content:"/dwrioej/neon.arm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"37.49.148.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692934/; classtype:trojan-activity;sid:84556034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692935)"; flow:established,from_client; content:"GET"; http_method; content:"/dwrioej/neon.arm6"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"37.49.148.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692935/; classtype:trojan-activity;sid:84556035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692936)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"37.49.148.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692936/; classtype:trojan-activity;sid:84556036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692937)"; flow:established,from_client; content:"GET"; http_method; content:"/dwrioej/neon.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"37.49.148.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692937/; classtype:trojan-activity;sid:84556037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692938)"; flow:established,from_client; content:"GET"; http_method; content:"/dwrioej/neon.x86"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"37.49.148.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692938/; classtype:trojan-activity;sid:84556038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692939)"; flow:established,from_client; content:"GET"; http_method; content:"/dwrioej/neon.arm7"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"37.49.148.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692939/; classtype:trojan-activity;sid:84556039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692940)"; flow:established,from_client; content:"GET"; http_method; content:"/dwrioej/neon.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"joker.proxywall.p-e.kr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692940/; classtype:trojan-activity;sid:84556040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692941)"; flow:established,from_client; content:"GET"; http_method; content:"/dwrioej/neon.mpsl"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"37.49.148.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692941/; classtype:trojan-activity;sid:84556041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692942)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.62.171.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692942/; classtype:trojan-activity;sid:84556042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692932)"; flow:established,from_client; content:"GET"; http_method; content:"/dwrioej/neon.arm7"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"joker.proxywall.p-e.kr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692932/; classtype:trojan-activity;sid:84556032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692923)"; flow:established,from_client; content:"GET"; http_method; content:"/dwrioej/neon.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"joker.proxywall.p-e.kr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692923/; classtype:trojan-activity;sid:84556023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692924)"; flow:established,from_client; content:"GET"; http_method; content:"/dwrioej/neon.x86_64"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"joker.proxywall.p-e.kr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692924/; classtype:trojan-activity;sid:84556024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692925)"; flow:established,from_client; content:"GET"; http_method; content:"/dwrioej/neon.arm6"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"joker.proxywall.p-e.kr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692925/; classtype:trojan-activity;sid:84556025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692926)"; flow:established,from_client; content:"GET"; http_method; content:"/dwrioej/neon.x86"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"joker.proxywall.p-e.kr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692926/; classtype:trojan-activity;sid:84556026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692927)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.arm6"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"witcher-dev.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692927/; classtype:trojan-activity;sid:84556027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692928)"; flow:established,from_client; content:"GET"; http_method; content:"/dwrioej/neon.mpsl"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"joker.proxywall.p-e.kr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692928/; classtype:trojan-activity;sid:84556028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692929)"; flow:established,from_client; content:"GET"; http_method; content:"/dwrioej/neon.mips"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"joker.proxywall.p-e.kr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692929/; classtype:trojan-activity;sid:84556029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692930)"; flow:established,from_client; content:"GET"; http_method; content:"/dwrioej/neon.arm5"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"joker.proxywall.p-e.kr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692930/; classtype:trojan-activity;sid:84556030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692931)"; flow:established,from_client; content:"GET"; http_method; content:"/dwrioej/neon.arm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"joker.proxywall.p-e.kr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692931/; classtype:trojan-activity;sid:84556031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692918)"; flow:established,from_client; content:"GET"; http_method; content:"/dwrioej/neon.m68k"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"joker.proxywall.p-e.kr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692918/; classtype:trojan-activity;sid:84556018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692919)"; flow:established,from_client; content:"GET"; http_method; content:"/dwrioej/neon.arc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"joker.proxywall.p-e.kr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692919/; classtype:trojan-activity;sid:84556019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692920)"; flow:established,from_client; content:"GET"; http_method; content:"/dwrioej/neon.i686"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"joker.proxywall.p-e.kr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692920/; classtype:trojan-activity;sid:84556020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692921)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"joker.proxywall.p-e.kr"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692921/; classtype:trojan-activity;sid:84556021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692922)"; flow:established,from_client; content:"GET"; http_method; content:"/7u7.google|3f|t=w2ee7umy"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"veu.mi9q.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692922/; classtype:trojan-activity;sid:84556022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692913)"; flow:established,from_client; content:"GET"; http_method; content:"/install_and_run.bat"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"13.60.240.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692913/; classtype:trojan-activity;sid:84556013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692914)"; flow:established,from_client; content:"GET"; http_method; content:"/2n48bg1bgb.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"d2x7.5-sy77.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692914/; classtype:trojan-activity;sid:84556014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692915)"; flow:established,from_client; content:"GET"; http_method; content:"/install_and_run.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"13.60.240.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692915/; classtype:trojan-activity;sid:84556015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692916)"; flow:established,from_client; content:"GET"; http_method; content:"/4nnwjane"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"veu.mi9q.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692916/; classtype:trojan-activity;sid:84556016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692917)"; flow:established,from_client; content:"GET"; http_method; content:"/whatsapp_stealer"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"13.60.240.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692917/; classtype:trojan-activity;sid:84556017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692912)"; flow:established,from_client; content:"GET"; http_method; content:"/whatsapp_stealer.py"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"13.60.240.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692912/; classtype:trojan-activity;sid:84556012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692909)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.mips"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"witcher-dev.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692909/; classtype:trojan-activity;sid:84556009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692910)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.spc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"witcher-dev.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692910/; classtype:trojan-activity;sid:84556010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692911)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.arm"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"witcher-dev.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692911/; classtype:trojan-activity;sid:84556011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692908)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.mpsl"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"witcher-dev.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692908/; classtype:trojan-activity;sid:84556008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692907)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.arm5"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"witcher-dev.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692907/; classtype:trojan-activity;sid:84556007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692906)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.sh4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"witcher-dev.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692906/; classtype:trojan-activity;sid:84556006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692905)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.ppc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"witcher-dev.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692905/; classtype:trojan-activity;sid:84556005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692902)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.m68k"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"witcher-dev.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692902/; classtype:trojan-activity;sid:84556002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692903)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.x86"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"witcher-dev.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692903/; classtype:trojan-activity;sid:84556003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692904)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.arm7"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"witcher-dev.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692904/; classtype:trojan-activity;sid:84556004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692899)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.arm5"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"auto-marketing-solutions.gb.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692899/; classtype:trojan-activity;sid:84555999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692900)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.ppc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"auto-marketing-solutions.gb.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692900/; classtype:trojan-activity;sid:84556000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692901)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.x86_64"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"witcher-dev.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692901/; classtype:trojan-activity;sid:84556001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692898)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.m68k"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"auto-marketing-solutions.gb.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692898/; classtype:trojan-activity;sid:84555998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692896)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.x86_64"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"auto-marketing-solutions.gb.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692896/; classtype:trojan-activity;sid:84555996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692897)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.arm"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"auto-marketing-solutions.gb.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692897/; classtype:trojan-activity;sid:84555997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692893)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.mpsl"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"auto-marketing-solutions.gb.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692893/; classtype:trojan-activity;sid:84555993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692894)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.arm7"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"auto-marketing-solutions.gb.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692894/; classtype:trojan-activity;sid:84555994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692895)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.arm6"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"auto-marketing-solutions.gb.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692895/; classtype:trojan-activity;sid:84555995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692889)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.spc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"auto-marketing-solutions.gb.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692889/; classtype:trojan-activity;sid:84555989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692890)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.sh4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"auto-marketing-solutions.gb.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692890/; classtype:trojan-activity;sid:84555990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692891)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.mips"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"auto-marketing-solutions.gb.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692891/; classtype:trojan-activity;sid:84555991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692892)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.x86"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"auto-marketing-solutions.gb.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692892/; classtype:trojan-activity;sid:84555992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692888)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.spc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"212.193.3.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692888/; classtype:trojan-activity;sid:84555988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692887)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.arm5"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"212.193.3.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692887/; classtype:trojan-activity;sid:84555987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692886)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.ppc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"212.193.3.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692886/; classtype:trojan-activity;sid:84555986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692879)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.189.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692879/; classtype:trojan-activity;sid:84555979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692880)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.mpsl"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"212.193.3.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692880/; classtype:trojan-activity;sid:84555980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692881)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.arm6"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"212.193.3.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692881/; classtype:trojan-activity;sid:84555981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692882)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.m68k"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"212.193.3.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692882/; classtype:trojan-activity;sid:84555982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692883)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.x86_64"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"212.193.3.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692883/; classtype:trojan-activity;sid:84555983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692884)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.sh4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"212.193.3.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692884/; classtype:trojan-activity;sid:84555984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692885)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.x86"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"212.193.3.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692885/; classtype:trojan-activity;sid:84555985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692878)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.mips"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"212.193.3.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692878/; classtype:trojan-activity;sid:84555978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692877)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692877/; classtype:trojan-activity;sid:84555977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692876)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.248.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692876/; classtype:trojan-activity;sid:84555976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692874)"; flow:established,from_client; content:"GET"; http_method; content:"/eth592wfuz.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"h4qpn.5-sy77.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692874/; classtype:trojan-activity;sid:84555974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692875)"; flow:established,from_client; content:"GET"; http_method; content:"/dropper.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"91.215.85.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692875/; classtype:trojan-activity;sid:84555975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692873)"; flow:established,from_client; content:"GET"; http_method; content:"/vv.google|3f|t=0o48exl7"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"cx.re7x.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692873/; classtype:trojan-activity;sid:84555973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692872)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.98.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692872/; classtype:trojan-activity;sid:84555972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692871)"; flow:established,from_client; content:"GET"; http_method; content:"/epon"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"157.250.202.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692871/; classtype:trojan-activity;sid:84555971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692870)"; flow:established,from_client; content:"GET"; http_method; content:"/setup"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"157.250.202.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692870/; classtype:trojan-activity;sid:84555970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692868)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"157.250.202.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692868/; classtype:trojan-activity;sid:84555968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692869)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692869/; classtype:trojan-activity;sid:84555969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692867)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"157.250.202.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692867/; classtype:trojan-activity;sid:84555967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692865)"; flow:established,from_client; content:"GET"; http_method; content:"/kb.check|3f|t=hogy2vrt"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ioy.wi7o.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692865/; classtype:trojan-activity;sid:84555965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692866)"; flow:established,from_client; content:"GET"; http_method; content:"/thyqa04tht.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c9la.w-8z35.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692866/; classtype:trojan-activity;sid:84555966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692864)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.99.167.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692864/; classtype:trojan-activity;sid:84555964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692863)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.127.227.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692863/; classtype:trojan-activity;sid:84555963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692862)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.190.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692862/; classtype:trojan-activity;sid:84555962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692861)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.171.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692861/; classtype:trojan-activity;sid:84555961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692860)"; flow:established,from_client; content:"GET"; http_method; content:"/run.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.251.66.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692860/; classtype:trojan-activity;sid:84555960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692859)"; flow:established,from_client; content:"GET"; http_method; content:"/adobe.msi"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"cwwgg-p5wdxtar.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692859/; classtype:trojan-activity;sid:84555959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692858)"; flow:established,from_client; content:"GET"; http_method; content:"/zoomapk.msi"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"cwwgg-p5wdxtar.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692858/; classtype:trojan-activity;sid:84555958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692853)"; flow:established,from_client; content:"GET"; http_method; content:"/adobeupdate.msi"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"cwwgg-p5wdxtar.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692853/; classtype:trojan-activity;sid:84555953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692854)"; flow:established,from_client; content:"GET"; http_method; content:"/8wcu32y34c.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c9la.w-8z35.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692854/; classtype:trojan-activity;sid:84555954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692855)"; flow:established,from_client; content:"GET"; http_method; content:"/adoberead.msi"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"cwwgg-p5wdxtar.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692855/; classtype:trojan-activity;sid:84555955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692856)"; flow:established,from_client; content:"GET"; http_method; content:"/l/walletconnectdevrestore.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"cwwgg-p5wdxtar.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692856/; classtype:trojan-activity;sid:84555956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692857)"; flow:established,from_client; content:"GET"; http_method; content:"/m5.check|3f|t=kvptx2sm"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"fl.gi0x.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692857/; classtype:trojan-activity;sid:84555957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692848)"; flow:established,from_client; content:"GET"; http_method; content:"/adobeupdate.msi"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"94.154.172.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692848/; classtype:trojan-activity;sid:84555948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692849)"; flow:established,from_client; content:"GET"; http_method; content:"/adoberead.msi"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"94.154.172.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692849/; classtype:trojan-activity;sid:84555949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692850)"; flow:established,from_client; content:"GET"; http_method; content:"/zoomapk.msi"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"94.154.172.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692850/; classtype:trojan-activity;sid:84555950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692851)"; flow:established,from_client; content:"GET"; http_method; content:"/l/walletconnectdevrestore.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"94.154.172.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692851/; classtype:trojan-activity;sid:84555951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692852)"; flow:established,from_client; content:"GET"; http_method; content:"/adobe.msi"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.154.172.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692852/; classtype:trojan-activity;sid:84555952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692847)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.68.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692847/; classtype:trojan-activity;sid:84555947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692839)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.248.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692839/; classtype:trojan-activity;sid:84555939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692840)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.220.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692840/; classtype:trojan-activity;sid:84555940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692841)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.114.108.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692841/; classtype:trojan-activity;sid:84555941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692842)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.237.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692842/; classtype:trojan-activity;sid:84555942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692843)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.179.232.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692843/; classtype:trojan-activity;sid:84555943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692844)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.58.255"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692844/; classtype:trojan-activity;sid:84555944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692845)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.222.62.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692845/; classtype:trojan-activity;sid:84555945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692846)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.132.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692846/; classtype:trojan-activity;sid:84555946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692838)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.59.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692838/; classtype:trojan-activity;sid:84555938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692836)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.97.210.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692836/; classtype:trojan-activity;sid:84555936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692837)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.97.210.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692837/; classtype:trojan-activity;sid:84555937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692835)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.189.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692835/; classtype:trojan-activity;sid:84555935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692834)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.225.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692834/; classtype:trojan-activity;sid:84555934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692833)"; flow:established,from_client; content:"GET"; http_method; content:"/1m4.check|3f|t=5wmj875j"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"4jf.va4n.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692833/; classtype:trojan-activity;sid:84555933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692832)"; flow:established,from_client; content:"GET"; http_method; content:"/s4xo0bmozb.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"c9la.w-8z35.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692832/; classtype:trojan-activity;sid:84555932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692831)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692831/; classtype:trojan-activity;sid:84555931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692830)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.248.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692830/; classtype:trojan-activity;sid:84555930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692829)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.44.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692829/; classtype:trojan-activity;sid:84555929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692822)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.16.53.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692822/; classtype:trojan-activity;sid:84555922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692823)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"178.16.53.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692823/; classtype:trojan-activity;sid:84555923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692824)"; flow:established,from_client; content:"GET"; http_method; content:"/main_smain_c"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"178.16.53.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692824/; classtype:trojan-activity;sid:84555924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692825)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.16.53.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692825/; classtype:trojan-activity;sid:84555925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692826)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.16.53.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692826/; classtype:trojan-activity;sid:84555926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692827)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"178.16.53.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692827/; classtype:trojan-activity;sid:84555927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692828)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"178.16.53.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692828/; classtype:trojan-activity;sid:84555928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692817)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mimain_s"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"178.16.53.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692817/; classtype:trojan-activity;sid:84555917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692818)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"178.16.53.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692818/; classtype:trojan-activity;sid:84555918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692819)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mmain_sl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"178.16.53.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692819/; classtype:trojan-activity;sid:84555919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692820)"; flow:established,from_client; content:"GET"; http_method; content:"/main_main_main_c"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"178.16.53.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692820/; classtype:trojan-activity;sid:84555920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692821)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.16.53.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692821/; classtype:trojan-activity;sid:84555921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692816)"; flow:established,from_client; content:"GET"; http_method; content:"/apps.bin"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"s51sa.glosscreate.digital"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692816/; classtype:trojan-activity;sid:84555916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692815)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.127.227.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692815/; classtype:trojan-activity;sid:84555915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692814)"; flow:established,from_client; content:"GET"; http_method; content:"/z0in18kcwo.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m5we2.w-8z35.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692814/; classtype:trojan-activity;sid:84555914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692813)"; flow:established,from_client; content:"GET"; http_method; content:"/tu8.google|3f|t=0hzf3q3f"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"tq.zo4n.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692813/; classtype:trojan-activity;sid:84555913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692812)"; flow:established,from_client; content:"GET"; http_method; content:"/vm3sd1eait.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"k3.f42u6.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692812/; classtype:trojan-activity;sid:84555912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692811)"; flow:established,from_client; content:"GET"; http_method; content:"/cn.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692811/; classtype:trojan-activity;sid:84555911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692807)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.138.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692807/; classtype:trojan-activity;sid:84555907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692808)"; flow:established,from_client; content:"GET"; http_method; content:"/a/aarch64"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692808/; classtype:trojan-activity;sid:84555908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692809)"; flow:established,from_client; content:"GET"; http_method; content:"/a/mips"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692809/; classtype:trojan-activity;sid:84555909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692810)"; flow:established,from_client; content:"GET"; http_method; content:"/a/mipsel"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692810/; classtype:trojan-activity;sid:84555910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692805)"; flow:established,from_client; content:"GET"; http_method; content:"/vac.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692805/; classtype:trojan-activity;sid:84555905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692806)"; flow:established,from_client; content:"GET"; http_method; content:"/k.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692806/; classtype:trojan-activity;sid:84555906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692804)"; flow:established,from_client; content:"GET"; http_method; content:"/fxy3elj8"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"tq.zo4n.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692804/; classtype:trojan-activity;sid:84555904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692803)"; flow:established,from_client; content:"GET"; http_method; content:"/6nu.google|3f|t=hgzked0q"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"9u.ve5l.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692803/; classtype:trojan-activity;sid:84555903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692802)"; flow:established,from_client; content:"GET"; http_method; content:"/hp20snkk1e.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"m5we2.w-8z35.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692802/; classtype:trojan-activity;sid:84555902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692801)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.44.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692801/; classtype:trojan-activity;sid:84555901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692800)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.181.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692800/; classtype:trojan-activity;sid:84555900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692799)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.148.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692799/; classtype:trojan-activity;sid:84555899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692798)"; flow:established,from_client; content:"GET"; http_method; content:"/85.google|3f|t=xg8d54jr"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"l2v.lo2p.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692798/; classtype:trojan-activity;sid:84555898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692797)"; flow:established,from_client; content:"GET"; http_method; content:"/25190f98j4.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"r0yg.w-8z35.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692797/; classtype:trojan-activity;sid:84555897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692796)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.99.167.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692796/; classtype:trojan-activity;sid:84555896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692795)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.79.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692795/; classtype:trojan-activity;sid:84555895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692794)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.237.148.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692794/; classtype:trojan-activity;sid:84555894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692793)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.214.198.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692793/; classtype:trojan-activity;sid:84555893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692792)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.81.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692792/; classtype:trojan-activity;sid:84555892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692791)"; flow:established,from_client; content:"GET"; http_method; content:"/igtlv6kx"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"lh.je9t.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692791/; classtype:trojan-activity;sid:84555891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692790)"; flow:established,from_client; content:"GET"; http_method; content:"/9mujf37yaj.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"v7p2.i-m22.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692790/; classtype:trojan-activity;sid:84555890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692789)"; flow:established,from_client; content:"GET"; http_method; content:"/main.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"213.239.204.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692789/; classtype:trojan-activity;sid:84555889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692788)"; flow:established,from_client; content:"GET"; http_method; content:"/xm4tby6sqx.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"tbd9.w-8z35.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692788/; classtype:trojan-activity;sid:84555888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692786)"; flow:established,from_client; content:"GET"; http_method; content:"/lx.check|3f|t=ho3q7pj5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"3f.fi0m.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692786/; classtype:trojan-activity;sid:84555886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692787)"; flow:established,from_client; content:"GET"; http_method; content:"/discord.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"213.239.204.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692787/; classtype:trojan-activity;sid:84555887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692785)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.242.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692785/; classtype:trojan-activity;sid:84555885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692784)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.56.189.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692784/; classtype:trojan-activity;sid:84555884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692783)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.250.11.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692783/; classtype:trojan-activity;sid:84555883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692782)"; flow:established,from_client; content:"GET"; http_method; content:"/pchichi.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"7octubredc.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692782/; classtype:trojan-activity;sid:84555882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692781)"; flow:established,from_client; content:"GET"; http_method; content:"/dllchichi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"7octubredc.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692781/; classtype:trojan-activity;sid:84555881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692780)"; flow:established,from_client; content:"GET"; http_method; content:"/pchichi.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.31agostomax4.dynuddns.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692780/; classtype:trojan-activity;sid:84555880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692779)"; flow:established,from_client; content:"GET"; http_method; content:"/andre.vbs"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.31agostomax4.dynuddns.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692779/; classtype:trojan-activity;sid:84555879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692774)"; flow:established,from_client; content:"GET"; http_method; content:"/pchichi.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"186.169.69.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692774/; classtype:trojan-activity;sid:84555874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692775)"; flow:established,from_client; content:"GET"; http_method; content:"/31agosto.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"186.169.69.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692775/; classtype:trojan-activity;sid:84555875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692776)"; flow:established,from_client; content:"GET"; http_method; content:"/dllchichi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"186.169.69.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692776/; classtype:trojan-activity;sid:84555876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692777)"; flow:established,from_client; content:"GET"; http_method; content:"/sostener.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.31agostomax4.dynuddns.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692777/; classtype:trojan-activity;sid:84555877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692778)"; flow:established,from_client; content:"GET"; http_method; content:"/31agosto.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.31agostomax4.dynuddns.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692778/; classtype:trojan-activity;sid:84555878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692773)"; flow:established,from_client; content:"GET"; http_method; content:"/dllchichi.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.31agostomax4.dynuddns.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692773/; classtype:trojan-activity;sid:84555873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692771)"; flow:established,from_client; content:"GET"; http_method; content:"/sostener.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"186.169.69.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692771/; classtype:trojan-activity;sid:84555871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692772)"; flow:established,from_client; content:"GET"; http_method; content:"/andre.vbs"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"186.169.69.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692772/; classtype:trojan-activity;sid:84555872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692769)"; flow:established,from_client; content:"GET"; http_method; content:"/zm1qxn35wx.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"m0x.i-m22.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692769/; classtype:trojan-activity;sid:84555869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692767)"; flow:established,from_client; content:"GET"; http_method; content:"/kugm63ba"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"f5.pe8d.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692767/; classtype:trojan-activity;sid:84555867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692763)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.42.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692763/; classtype:trojan-activity;sid:84555863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692761)"; flow:established,from_client; content:"GET"; http_method; content:"/jvc.google|3f|t=ufoh2yru"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"f5.pe8d.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692761/; classtype:trojan-activity;sid:84555861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692762)"; flow:established,from_client; content:"GET"; http_method; content:"/yu9kcloaln.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"z83n.w-8z35.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692762/; classtype:trojan-activity;sid:84555862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692760)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.81.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692760/; classtype:trojan-activity;sid:84555860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692759)"; flow:established,from_client; content:"GET"; http_method; content:"/819arppohj.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"z83n.w-8z35.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692759/; classtype:trojan-activity;sid:84555859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692757)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.248.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692757/; classtype:trojan-activity;sid:84555857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692758)"; flow:established,from_client; content:"GET"; http_method; content:"/in.check|3f|t=2c6pixd2"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"t6c.sa3x.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692758/; classtype:trojan-activity;sid:84555858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692756)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.91.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692756/; classtype:trojan-activity;sid:84555856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692755)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.214.198.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692755/; classtype:trojan-activity;sid:84555855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692754)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.250.11.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692754/; classtype:trojan-activity;sid:84555854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692753)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.242.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692753/; classtype:trojan-activity;sid:84555853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692752)"; flow:established,from_client; content:"GET"; http_method; content:"/apps.bin"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"oo.mardiripping.digital"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692752/; classtype:trojan-activity;sid:84555852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692751)"; flow:established,from_client; content:"GET"; http_method; content:"/apps.bin"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"iu45.mardiripping.digital"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692751/; classtype:trojan-activity;sid:84555851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692750)"; flow:established,from_client; content:"GET"; http_method; content:"/apps.bin"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5169.mardiripping.digital"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692750/; classtype:trojan-activity;sid:84555850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692749)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.7.153.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692749/; classtype:trojan-activity;sid:84555849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692737)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnriscv64xnxn"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"196.251.66.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692737/; classtype:trojan-activity;sid:84555837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692738)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnor1kxnxn"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"196.251.66.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692738/; classtype:trojan-activity;sid:84555838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692739)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnsh2xnxn"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"196.251.66.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692739/; classtype:trojan-activity;sid:84555839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692740)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnloongarch64xnxn"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"196.251.66.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692740/; classtype:trojan-activity;sid:84555840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692741)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnm68kxnxn"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"196.251.66.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692741/; classtype:trojan-activity;sid:84555841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692742)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnmicroblazexnxn"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"196.251.66.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692742/; classtype:trojan-activity;sid:84555842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692743)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnpowerpcxnxn"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"196.251.66.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692743/; classtype:trojan-activity;sid:84555843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692744)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnmipsxnxn"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"196.251.66.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692744/; classtype:trojan-activity;sid:84555844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692745)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnriscv32xnxn"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"196.251.66.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692745/; classtype:trojan-activity;sid:84555845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692746)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnx86_64xnxn"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"196.251.66.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692746/; classtype:trojan-activity;sid:84555846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692747)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnsh4xnxn"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"196.251.66.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692747/; classtype:trojan-activity;sid:84555847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692748)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxni386xnxn"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"196.251.66.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692748/; classtype:trojan-activity;sid:84555848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692736)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnaarch64xnxn"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"196.251.66.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692736/; classtype:trojan-activity;sid:84555836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692734)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.i468"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"89.37.185.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692734/; classtype:trojan-activity;sid:84555834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692735)"; flow:established,from_client; content:"GET"; http_method; content:"/orbt/orbt.i468"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"209.141.49.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692735/; classtype:trojan-activity;sid:84555835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692732)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.spc"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"213.136.76.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692732/; classtype:trojan-activity;sid:84555832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692733)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.i468"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"213.136.76.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692733/; classtype:trojan-activity;sid:84555833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692731)"; flow:established,from_client; content:"GET"; http_method; content:"/apps.bin"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"jd51sa.glosscreate.digital"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692731/; classtype:trojan-activity;sid:84555831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692730)"; flow:established,from_client; content:"GET"; http_method; content:"/i8l.google|3f|t=wen3wiz7"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"zf.n6ri.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692730/; classtype:trojan-activity;sid:84555830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692729)"; flow:established,from_client; content:"GET"; http_method; content:"/gpqb2t9y1p.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"v1kpa.w-8z35.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692729/; classtype:trojan-activity;sid:84555829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692728)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.96.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692728/; classtype:trojan-activity;sid:84555828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692727)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.11.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692727/; classtype:trojan-activity;sid:84555827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692726)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692726/; classtype:trojan-activity;sid:84555826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692725)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.151.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692725/; classtype:trojan-activity;sid:84555825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692724)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.15.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692724/; classtype:trojan-activity;sid:84555824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692723)"; flow:established,from_client; content:"GET"; http_method; content:"/mv.check|3f|t=oy4jmnrb"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"t1.x3le.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692723/; classtype:trojan-activity;sid:84555823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692722)"; flow:established,from_client; content:"GET"; http_method; content:"/0eehr11v3g.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"q7m2x.w-8z35.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692722/; classtype:trojan-activity;sid:84555822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692721)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.115.72.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692721/; classtype:trojan-activity;sid:84555821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692720)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.220.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692720/; classtype:trojan-activity;sid:84555820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692719)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.140.6.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692719/; classtype:trojan-activity;sid:84555819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692718)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.90.148.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692718/; classtype:trojan-activity;sid:84555818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692717)"; flow:established,from_client; content:"GET"; http_method; content:"/codebase5533"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"162.252.198.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692717/; classtype:trojan-activity;sid:84555817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692716)"; flow:established,from_client; content:"GET"; http_method; content:"/o81d4z8obd.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"h1vf4.lu2p.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692716/; classtype:trojan-activity;sid:84555816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692715)"; flow:established,from_client; content:"GET"; http_method; content:"/dvs3aehu"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"jwr.m2jo.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692715/; classtype:trojan-activity;sid:84555815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692714)"; flow:established,from_client; content:"GET"; http_method; content:"/componente_warsaw.msi"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"notafiscal29831.pages.dev"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692714/; classtype:trojan-activity;sid:84555814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692712)"; flow:established,from_client; content:"GET"; http_method; content:"/rs.check|3f|t=ioloau95"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"jwr.m2jo.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692712/; classtype:trojan-activity;sid:84555812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692713)"; flow:established,from_client; content:"GET"; http_method; content:"/3cp1rm3jkf.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"q7m2x.w-8z35.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692713/; classtype:trojan-activity;sid:84555813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692711)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/main_mips"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"89.35.130.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692711/; classtype:trojan-activity;sid:84555811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692709)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.11.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692709/; classtype:trojan-activity;sid:84555809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692710)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.9.214"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692710/; classtype:trojan-activity;sid:84555810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692708)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.158.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692708/; classtype:trojan-activity;sid:84555808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692707)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.22.244.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692707/; classtype:trojan-activity;sid:84555807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692706)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.165.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692706/; classtype:trojan-activity;sid:84555806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692705)"; flow:established,from_client; content:"GET"; http_method; content:"/ig7.google|3f|t=3txtg7m1"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"bj.t1va.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692705/; classtype:trojan-activity;sid:84555805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692704)"; flow:established,from_client; content:"GET"; http_method; content:"/r5z1fd12x2.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"h1vf4.lu2p.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692704/; classtype:trojan-activity;sid:84555804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692703)"; flow:established,from_client; content:"GET"; http_method; content:"/c8waavaeqo.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"q7m2x.w-8z35.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692703/; classtype:trojan-activity;sid:84555803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692702)"; flow:established,from_client; content:"GET"; http_method; content:"/exlmn8vs"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bj.t1va.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692702/; classtype:trojan-activity;sid:84555802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692700)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692700/; classtype:trojan-activity;sid:84555800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692701)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.140.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692701/; classtype:trojan-activity;sid:84555801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692699)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.162.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692699/; classtype:trojan-activity;sid:84555799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692696)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.52.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692696/; classtype:trojan-activity;sid:84555796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692697)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.17.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692697/; classtype:trojan-activity;sid:84555797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692698)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.151.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692698/; classtype:trojan-activity;sid:84555798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692695)"; flow:established,from_client; content:"GET"; http_method; content:"/iv.check|3f|t=xt9gqttw"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"h9l.zo8k.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692695/; classtype:trojan-activity;sid:84555795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692694)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.140.6.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692694/; classtype:trojan-activity;sid:84555794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692693)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.78.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692693/; classtype:trojan-activity;sid:84555793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692692)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.158.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692692/; classtype:trojan-activity;sid:84555792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692691)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.249.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692691/; classtype:trojan-activity;sid:84555791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692690)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.52.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692690/; classtype:trojan-activity;sid:84555790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692689)"; flow:established,from_client; content:"GET"; http_method; content:"/zsdzswvq48.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"c6pz.lu2p.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692689/; classtype:trojan-activity;sid:84555789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692688)"; flow:established,from_client; content:"GET"; http_method; content:"/mn6rk5af"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"oql.da6v.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692688/; classtype:trojan-activity;sid:84555788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692686)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.17.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692686/; classtype:trojan-activity;sid:84555786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692687)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.161.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692687/; classtype:trojan-activity;sid:84555787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692685)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.162.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692685/; classtype:trojan-activity;sid:84555785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692684)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8379447128/jffvpld.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692684/; classtype:trojan-activity;sid:84555784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692683)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.202.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692683/; classtype:trojan-activity;sid:84555783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692682)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.78.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692682/; classtype:trojan-activity;sid:84555782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692681)"; flow:established,from_client; content:"GET"; http_method; content:"/3knbhoklgv.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"e9tk3.lu2p.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692681/; classtype:trojan-activity;sid:84555781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692680)"; flow:established,from_client; content:"GET"; http_method; content:"/5cwk4q8f"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5m.bo8y.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692680/; classtype:trojan-activity;sid:84555780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692679)"; flow:established,from_client; content:"GET"; http_method; content:"/fozm6s1v9v.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"f7q2.q7jt-0k.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692679/; classtype:trojan-activity;sid:84555779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692678)"; flow:established,from_client; content:"GET"; http_method; content:"/jto.google|3f|t=kcdwlzo8"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"5m.bo8y.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692678/; classtype:trojan-activity;sid:84555778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692677)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.152.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692677/; classtype:trojan-activity;sid:84555777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692676)"; flow:established,from_client; content:"GET"; http_method; content:"/8bw.google|3f|t=eb6iwdje"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"nw.mi9q.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692676/; classtype:trojan-activity;sid:84555776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692675)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.209.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692675/; classtype:trojan-activity;sid:84555775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692674)"; flow:established,from_client; content:"GET"; http_method; content:"/h7a134gd7f.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"f7q2.q7jt-0k.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692674/; classtype:trojan-activity;sid:84555774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692673)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.123.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692673/; classtype:trojan-activity;sid:84555773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692672)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.61.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692672/; classtype:trojan-activity;sid:84555772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692671)"; flow:established,from_client; content:"GET"; http_method; content:"/23bsnr7e3e.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"f7q2.q7jt-0k.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692671/; classtype:trojan-activity;sid:84555771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692670)"; flow:established,from_client; content:"GET"; http_method; content:"/105.google|3f|t=17x7pjk4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"wa.re7x.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692670/; classtype:trojan-activity;sid:84555770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692668)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.30.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692668/; classtype:trojan-activity;sid:84555768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692669)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.8.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692669/; classtype:trojan-activity;sid:84555769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692667)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.125.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692667/; classtype:trojan-activity;sid:84555767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692666)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.209.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692666/; classtype:trojan-activity;sid:84555766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692665)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.152.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692665/; classtype:trojan-activity;sid:84555765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692664)"; flow:established,from_client; content:"GET"; http_method; content:"/17gly2oq"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"on.wi7o.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692664/; classtype:trojan-activity;sid:84555764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692663)"; flow:established,from_client; content:"GET"; http_method; content:"/zpj9z33ff8.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"y8m2.lu2p.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692663/; classtype:trojan-activity;sid:84555763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692662)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.57.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692662/; classtype:trojan-activity;sid:84555762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692660)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.204.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692660/; classtype:trojan-activity;sid:84555760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692661)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692661/; classtype:trojan-activity;sid:84555761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692659)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.61.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692659/; classtype:trojan-activity;sid:84555759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692657)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.156.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692657/; classtype:trojan-activity;sid:84555757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692658)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.5.94.166"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692658/; classtype:trojan-activity;sid:84555758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692656)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.138.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692656/; classtype:trojan-activity;sid:84555756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692655)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.202.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692655/; classtype:trojan-activity;sid:84555755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692654)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.136.54.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692654/; classtype:trojan-activity;sid:84555754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692653)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.149.85.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692653/; classtype:trojan-activity;sid:84555753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692652)"; flow:established,from_client; content:"GET"; http_method; content:"/vk7.google|3f|t=iljf45ya"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"on.wi7o.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692652/; classtype:trojan-activity;sid:84555752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692651)"; flow:established,from_client; content:"GET"; http_method; content:"/5rc9geaj2v.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"p0r.q7jt-0k.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692651/; classtype:trojan-activity;sid:84555751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692650)"; flow:established,from_client; content:"GET"; http_method; content:"/xz9s2aglyh.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"p0r.q7jt-0k.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692650/; classtype:trojan-activity;sid:84555750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692649)"; flow:established,from_client; content:"GET"; http_method; content:"/qwz.check|3f|t=3de8hu31"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"l8q.gi0x.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692649/; classtype:trojan-activity;sid:84555749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692648)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.112.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692648/; classtype:trojan-activity;sid:84555748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692647)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.144.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692647/; classtype:trojan-activity;sid:84555747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692646)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.156.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692646/; classtype:trojan-activity;sid:84555746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692645)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.94.166"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692645/; classtype:trojan-activity;sid:84555745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692644)"; flow:established,from_client; content:"GET"; http_method; content:"/b6d.check|3f|t=0tqgx9bv"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"sr7.va4n.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692644/; classtype:trojan-activity;sid:84555744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692643)"; flow:established,from_client; content:"GET"; http_method; content:"/mqhvev11m2.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"9az.q7jt-0k.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692643/; classtype:trojan-activity;sid:84555743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692642)"; flow:established,from_client; content:"GET"; http_method; content:"/6ifz2prcyn.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"a5rl.lu2p.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692642/; classtype:trojan-activity;sid:84555742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692641)"; flow:established,from_client; content:"GET"; http_method; content:"/fk0dyl01"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"sr7.va4n.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692641/; classtype:trojan-activity;sid:84555741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692639)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.103.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692639/; classtype:trojan-activity;sid:84555739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692640)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"74.214.56.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692640/; classtype:trojan-activity;sid:84555740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692638)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.247.88.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692638/; classtype:trojan-activity;sid:84555738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692637)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.8.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692637/; classtype:trojan-activity;sid:84555737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.253.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692636/; classtype:trojan-activity;sid:84555736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692634)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.191.32.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692634/; classtype:trojan-activity;sid:84555734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692635)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.193.172.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692635/; classtype:trojan-activity;sid:84555735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692633)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.103.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692633/; classtype:trojan-activity;sid:84555733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692632)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"74.214.56.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692632/; classtype:trojan-activity;sid:84555732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692631)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692631/; classtype:trojan-activity;sid:84555731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692630)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.213.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692630/; classtype:trojan-activity;sid:84555730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692629)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.144.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692629/; classtype:trojan-activity;sid:84555729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692628)"; flow:established,from_client; content:"GET"; http_method; content:"/drey2zbsg0.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"wq1.q7jt-0k.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692628/; classtype:trojan-activity;sid:84555728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692627)"; flow:established,from_client; content:"GET"; http_method; content:"/0m.check|3f|t=sq6xckfs"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"la.zo4n.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692627/; classtype:trojan-activity;sid:84555727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692626)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.172.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692626/; classtype:trojan-activity;sid:84555726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692624)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"157.250.202.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692624/; classtype:trojan-activity;sid:84555724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692625)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"157.250.202.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692625/; classtype:trojan-activity;sid:84555725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692616)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"157.250.202.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692616/; classtype:trojan-activity;sid:84555716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692617)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"157.250.202.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692617/; classtype:trojan-activity;sid:84555717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692618)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"157.250.202.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692618/; classtype:trojan-activity;sid:84555718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692619)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"157.250.202.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692619/; classtype:trojan-activity;sid:84555719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692620)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"157.250.202.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692620/; classtype:trojan-activity;sid:84555720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692621)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"157.250.202.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692621/; classtype:trojan-activity;sid:84555721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692622)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"157.250.202.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692622/; classtype:trojan-activity;sid:84555722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692623)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"157.250.202.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692623/; classtype:trojan-activity;sid:84555723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692615)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.191.32.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692615/; classtype:trojan-activity;sid:84555715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692614)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.253.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692614/; classtype:trojan-activity;sid:84555714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692613)"; flow:established,from_client; content:"GET"; http_method; content:"/w6ctxe5pne.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"w9hd3.mi9q.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692613/; classtype:trojan-activity;sid:84555713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692612)"; flow:established,from_client; content:"GET"; http_method; content:"/v34v9ghx"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"la.zo4n.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692612/; classtype:trojan-activity;sid:84555712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692611)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.174.196.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692611/; classtype:trojan-activity;sid:84555711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692610)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.91.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692610/; classtype:trojan-activity;sid:84555710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692609)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.176.199.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692609/; classtype:trojan-activity;sid:84555709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692607)"; flow:established,from_client; content:"GET"; http_method; content:"/x6.check|3f|t=1scbm21r"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ahh.ve5l.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692607/; classtype:trojan-activity;sid:84555707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692608)"; flow:established,from_client; content:"GET"; http_method; content:"/a6xpheioxm.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"n6k.q7jt-0k.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692608/; classtype:trojan-activity;sid:84555708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692606)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.153.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692606/; classtype:trojan-activity;sid:84555706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692605)"; flow:established,from_client; content:"GET"; http_method; content:"/01.check|3f|t=e1dwdgp7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"lj.lo2p.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692605/; classtype:trojan-activity;sid:84555705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692604)"; flow:established,from_client; content:"GET"; http_method; content:"/28qf41fm6c.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"g2.q7jt-0k.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692604/; classtype:trojan-activity;sid:84555704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692603)"; flow:established,from_client; content:"GET"; http_method; content:"/y23dpf2s2u.3sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"g2.q7jt-0k.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692603/; classtype:trojan-activity;sid:84555703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692602)"; flow:established,from_client; content:"GET"; http_method; content:"/0qj.google|3f|t=k42p134i"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"4hp.je9t.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692602/; classtype:trojan-activity;sid:84555702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692601)"; flow:established,from_client; content:"GET"; http_method; content:"/f44vgwro"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"4hp.je9t.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692601/; classtype:trojan-activity;sid:84555701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692600)"; flow:established,from_client; content:"GET"; http_method; content:"/gcq4ld8rp1.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"f7zn0.mi9q.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692600/; classtype:trojan-activity;sid:84555700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692598)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.74.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692598/; classtype:trojan-activity;sid:84555698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692599)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.21.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692599/; classtype:trojan-activity;sid:84555699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692596)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.126.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692596/; classtype:trojan-activity;sid:84555696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692597)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692597/; classtype:trojan-activity;sid:84555697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692595)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.23.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692595/; classtype:trojan-activity;sid:84555695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692594)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.22.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692594/; classtype:trojan-activity;sid:84555694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692592)"; flow:established,from_client; content:"GET"; http_method; content:"/y0.check|3f|t=ps63wpo2"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"e15.fi0m.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692592/; classtype:trojan-activity;sid:84555692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692593)"; flow:established,from_client; content:"GET"; http_method; content:"/lpud1i8lbr.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"x4d2.w7tx-3t.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692593/; classtype:trojan-activity;sid:84555693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692591)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.176.199.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692591/; classtype:trojan-activity;sid:84555691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692590)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.173.159.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692590/; classtype:trojan-activity;sid:84555690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692589)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.74.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692589/; classtype:trojan-activity;sid:84555689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692587)"; flow:established,from_client; content:"GET"; http_method; content:"/g74.google|3f|t=02lf8dhv"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"mt.pe8d.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692587/; classtype:trojan-activity;sid:84555687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692588)"; flow:established,from_client; content:"GET"; http_method; content:"/wjpjmc3qlr.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"x4d2.w7tx-3t.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692588/; classtype:trojan-activity;sid:84555688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692586)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.53.142.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692586/; classtype:trojan-activity;sid:84555686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692585)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.225.231.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692585/; classtype:trojan-activity;sid:84555685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692583)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.216.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692583/; classtype:trojan-activity;sid:84555683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692584)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.146.247.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692584/; classtype:trojan-activity;sid:84555684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692582)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.220.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692582/; classtype:trojan-activity;sid:84555682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692581)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.23.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692581/; classtype:trojan-activity;sid:84555681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692580)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.38.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692580/; classtype:trojan-activity;sid:84555680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692579)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.111.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692579/; classtype:trojan-activity;sid:84555679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692578)"; flow:established,from_client; content:"GET"; http_method; content:"/v1sqzuoz"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"9y.sa3x.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692578/; classtype:trojan-activity;sid:84555678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692577)"; flow:established,from_client; content:"GET"; http_method; content:"/jo5gtdfzqu.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"t4j2.mi9q.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692577/; classtype:trojan-activity;sid:84555677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692576)"; flow:established,from_client; content:"GET"; http_method; content:"/pu.check|3f|t=q1qhj84d"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"9y.sa3x.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692576/; classtype:trojan-activity;sid:84555676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692575)"; flow:established,from_client; content:"GET"; http_method; content:"/a6ar1y066e.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"2b7.w7tx-3t.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692575/; classtype:trojan-activity;sid:84555675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692574)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.22.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692574/; classtype:trojan-activity;sid:84555674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692573)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.21.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692573/; classtype:trojan-activity;sid:84555673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692572)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692572/; classtype:trojan-activity;sid:84555672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692571)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.173.159.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692571/; classtype:trojan-activity;sid:84555671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692570)"; flow:established,from_client; content:"GET"; http_method; content:"/xiwez76hlf.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"s8lp.mi9q.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692570/; classtype:trojan-activity;sid:84555670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692569)"; flow:established,from_client; content:"GET"; http_method; content:"/g7tqxf138f.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"tkm.w7tx-3t.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692569/; classtype:trojan-activity;sid:84555669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692567)"; flow:established,from_client; content:"GET"; http_method; content:"/qkr9u164"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"80.ha5r.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692567/; classtype:trojan-activity;sid:84555667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692568)"; flow:established,from_client; content:"GET"; http_method; content:"/usf.check|3f|t=6m28fz4m"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"80.ha5r.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692568/; classtype:trojan-activity;sid:84555668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692566)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.35.130.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692566/; classtype:trojan-activity;sid:84555666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692565)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.65.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692565/; classtype:trojan-activity;sid:84555665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692564)"; flow:established,from_client; content:"GET"; http_method; content:"/ogjwoj8gkj.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"x3wr.mi9q.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692564/; classtype:trojan-activity;sid:84555664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692562)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.216.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692562/; classtype:trojan-activity;sid:84555662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692563)"; flow:established,from_client; content:"GET"; http_method; content:"/cxi.check|3f|t=em6y9k7d"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"vsm.n6ri.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692563/; classtype:trojan-activity;sid:84555663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692561)"; flow:established,from_client; content:"GET"; http_method; content:"/ilyip5c2rp.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"tkm.w7tx-3t.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692561/; classtype:trojan-activity;sid:84555661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692560)"; flow:established,from_client; content:"GET"; http_method; content:"/i88wj0mu"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"vsm.n6ri.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692560/; classtype:trojan-activity;sid:84555660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692559)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.111.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692559/; classtype:trojan-activity;sid:84555659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692558)"; flow:established,from_client; content:"GET"; http_method; content:"/v8dznxq7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ug8.x3le.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692558/; classtype:trojan-activity;sid:84555658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692557)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.91.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692557/; classtype:trojan-activity;sid:84555657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692556)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692556/; classtype:trojan-activity;sid:84555656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692555)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.161.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692555/; classtype:trojan-activity;sid:84555655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692554)"; flow:established,from_client; content:"GET"; http_method; content:"/27zou83a13.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"r09.w7tx-3t.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692554/; classtype:trojan-activity;sid:84555654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692553)"; flow:established,from_client; content:"GET"; http_method; content:"/7f.check|3f|t=blnl7qpw"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ug8.x3le.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692553/; classtype:trojan-activity;sid:84555653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692552)"; flow:established,from_client; content:"GET"; http_method; content:"/45hfriiw9g.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"x3wr.mi9q.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692552/; classtype:trojan-activity;sid:84555652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692551)"; flow:established,from_client; content:"GET"; http_method; content:"/1d2ws51w"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"un.m2jo.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692551/; classtype:trojan-activity;sid:84555651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692550)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.38.218.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692550/; classtype:trojan-activity;sid:84555650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692549)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.233.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692549/; classtype:trojan-activity;sid:84555649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692548)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692548/; classtype:trojan-activity;sid:84555648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692546)"; flow:established,from_client; content:"GET"; http_method; content:"/6w.google|3f|t=oplzdnrb"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"un.m2jo.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692546/; classtype:trojan-activity;sid:84555646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692547)"; flow:established,from_client; content:"GET"; http_method; content:"/0u5ufpdei4.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"r09.w7tx-3t.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692547/; classtype:trojan-activity;sid:84555647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692545)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.59.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692545/; classtype:trojan-activity;sid:84555645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692543)"; flow:established,from_client; content:"GET"; http_method; content:"/uv.google|3f|t=nihl09q6"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"l1t.t1va.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692543/; classtype:trojan-activity;sid:84555643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692544)"; flow:established,from_client; content:"GET"; http_method; content:"/n43dd2n47t.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"h5x.w7tx-3t.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692544/; classtype:trojan-activity;sid:84555644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692542)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.66.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692542/; classtype:trojan-activity;sid:84555642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692541)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.70.15.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692541/; classtype:trojan-activity;sid:84555641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692539)"; flow:established,from_client; content:"GET"; http_method; content:"/q9.check|3f|t=ioukgnkq"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ftb.zo8k.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692539/; classtype:trojan-activity;sid:84555639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692540)"; flow:established,from_client; content:"GET"; http_method; content:"/tk42js5ver.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"h5x.w7tx-3t.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692540/; classtype:trojan-activity;sid:84555640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692538)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.249.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692538/; classtype:trojan-activity;sid:84555638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692535)"; flow:established,from_client; content:"GET"; http_method; content:"/1i9.check|3f|t=po6f6oss"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"410.qo1s.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692535/; classtype:trojan-activity;sid:84555635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692536)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.190.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692536/; classtype:trojan-activity;sid:84555636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692537)"; flow:established,from_client; content:"GET"; http_method; content:"/exs904p302.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"h5x.w7tx-3t.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692537/; classtype:trojan-activity;sid:84555637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692534)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.48.224"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692534/; classtype:trojan-activity;sid:84555634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692533)"; flow:established,from_client; content:"GET"; http_method; content:"/ij.check|3f|t=evqta5ch"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ud.da6v.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692533/; classtype:trojan-activity;sid:84555633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692532)"; flow:established,from_client; content:"GET"; http_method; content:"/z863pqz9cl.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"qv.w7tx-3t.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692532/; classtype:trojan-activity;sid:84555632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692531)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.38.218.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692531/; classtype:trojan-activity;sid:84555631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692530)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.59.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692530/; classtype:trojan-activity;sid:84555630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692529)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.233.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692529/; classtype:trojan-activity;sid:84555629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692528)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.70.15.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692528/; classtype:trojan-activity;sid:84555628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692527)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.199.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692527/; classtype:trojan-activity;sid:84555627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692526)"; flow:established,from_client; content:"GET"; http_method; content:"/wunk50wi"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"2n4.yq2r.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692526/; classtype:trojan-activity;sid:84555626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692525)"; flow:established,from_client; content:"GET"; http_method; content:"/8raim524a4.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"p2hk.fi0m.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692525/; classtype:trojan-activity;sid:84555625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692524)"; flow:established,from_client; content:"GET"; http_method; content:"/bggzr8hs8h.2sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"qv.w7tx-3t.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692524/; classtype:trojan-activity;sid:84555624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692523)"; flow:established,from_client; content:"GET"; http_method; content:"/sm1.google|3f|t=btl9nv5z"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"2n4.yq2r.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692523/; classtype:trojan-activity;sid:84555623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692522)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.171.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692522/; classtype:trojan-activity;sid:84555622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692521)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.232.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692521/; classtype:trojan-activity;sid:84555621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692520)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.201.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692520/; classtype:trojan-activity;sid:84555620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692519)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.48.224"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692519/; classtype:trojan-activity;sid:84555619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692518)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.186.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692518/; classtype:trojan-activity;sid:84555618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692517)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.71.60.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692517/; classtype:trojan-activity;sid:84555617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692516)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.76.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692516/; classtype:trojan-activity;sid:84555616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692515)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.48.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692515/; classtype:trojan-activity;sid:84555615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692514)"; flow:established,from_client; content:"GET"; http_method; content:"/pvs.google|3f|t=dbdvymw2"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"c4u.bo8y.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692514/; classtype:trojan-activity;sid:84555614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692513)"; flow:established,from_client; content:"GET"; http_method; content:"/j7d6lf39gl.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"d4m1.i3-42s.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692513/; classtype:trojan-activity;sid:84555613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692512)"; flow:established,from_client; content:"GET"; http_method; content:"/ucvvi1zkj4.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"n4t5.fi0m.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692512/; classtype:trojan-activity;sid:84555612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692511)"; flow:established,from_client; content:"GET"; http_method; content:"/lz3pgcap"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ocx.mi9q.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692511/; classtype:trojan-activity;sid:84555611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692509)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.arm"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"212.193.3.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692509/; classtype:trojan-activity;sid:84555609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692510)"; flow:established,from_client; content:"GET"; http_method; content:"/ljezs/uytea.arm7"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"212.193.3.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692510/; classtype:trojan-activity;sid:84555610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692507)"; flow:established,from_client; content:"GET"; http_method; content:"/d6.check|3f|t=vbps0jsv"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"ocx.mi9q.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692507/; classtype:trojan-activity;sid:84555607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692508)"; flow:established,from_client; content:"GET"; http_method; content:"/ka9a0v3m9j.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"d4m1.i3-42s.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692508/; classtype:trojan-activity;sid:84555608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692506)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.47.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692506/; classtype:trojan-activity;sid:84555606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692505)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.160.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692505/; classtype:trojan-activity;sid:84555605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692504)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8434554557/06bk6nu.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692504/; classtype:trojan-activity;sid:84555604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692503)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.199.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692503/; classtype:trojan-activity;sid:84555603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692502)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"96.66.24.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692502/; classtype:trojan-activity;sid:84555602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692501)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.186.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692501/; classtype:trojan-activity;sid:84555601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692500)"; flow:established,from_client; content:"GET"; http_method; content:"/u8mkhc7zok.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"a92.i3-42s.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692500/; classtype:trojan-activity;sid:84555600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692499)"; flow:established,from_client; content:"GET"; http_method; content:"/x5.check|3f|t=6fij6m8o"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"p4p.re7x.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692499/; classtype:trojan-activity;sid:84555599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692498)"; flow:established,from_client; content:"GET"; http_method; content:"/sq6m73odit.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"j9m3z.fi0m.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692498/; classtype:trojan-activity;sid:84555598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692497)"; flow:established,from_client; content:"GET"; http_method; content:"/wzxhti9o"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"qt.wi7o.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692497/; classtype:trojan-activity;sid:84555597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692496)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.76.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692496/; classtype:trojan-activity;sid:84555596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692495)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.48.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692495/; classtype:trojan-activity;sid:84555595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692493)"; flow:established,from_client; content:"GET"; http_method; content:"/eob.check|3f|t=8outg4en"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"a2.gi0x.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692493/; classtype:trojan-activity;sid:84555593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692494)"; flow:established,from_client; content:"GET"; http_method; content:"/gky728olzs.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"z1n.i3-42s.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692494/; classtype:trojan-activity;sid:84555594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692491)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.89.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692491/; classtype:trojan-activity;sid:84555591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692492)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"96.66.24.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692492/; classtype:trojan-activity;sid:84555592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692490)"; flow:established,from_client; content:"GET"; http_method; content:"/bwkurtqntz.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"z1n.i3-42s.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692490/; classtype:trojan-activity;sid:84555590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692489)"; flow:established,from_client; content:"GET"; http_method; content:"/kv3.check|3f|t=xzcmp2r8"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"xj.va4n.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692489/; classtype:trojan-activity;sid:84555589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692488)"; flow:established,from_client; content:"GET"; http_method; content:"/9imdb6flxv.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"j9m3z.fi0m.online"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692488/; classtype:trojan-activity;sid:84555588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692487)"; flow:established,from_client; content:"GET"; http_method; content:"/tu5oehh5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"xj.va4n.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692487/; classtype:trojan-activity;sid:84555587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692486)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.104.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692486/; classtype:trojan-activity;sid:84555586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692485)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.154.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692485/; classtype:trojan-activity;sid:84555585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692484)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.115.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692484/; classtype:trojan-activity;sid:84555584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692483)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.12.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692483/; classtype:trojan-activity;sid:84555583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692482)"; flow:established,from_client; content:"GET"; http_method; content:"/wnwdiyd4ln.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"tq8.i3-42s.ru"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692482/; classtype:trojan-activity;sid:84555582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692481)"; flow:established,from_client; content:"GET"; http_method; content:"/9tjojhjyq0.map"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"b7qx.fi0m.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692481/; classtype:trojan-activity;sid:84555581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692480)"; flow:established,from_client; content:"GET"; http_method; content:"/pzu.check|3f|t=u38kl66v"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"29.zo4n.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692480/; classtype:trojan-activity;sid:84555580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692479)"; flow:established,from_client; content:"GET"; http_method; content:"/k3pgu7tf"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"29.zo4n.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692479/; classtype:trojan-activity;sid:84555579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692478)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.217.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692478/; classtype:trojan-activity;sid:84555578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692477)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_01; reference:url, urlhaus.abuse.ch/url/3692477/; classtype:trojan-activity;sid:84555577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692275)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"196.251.115.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_31; reference:url, urlhaus.abuse.ch/url/3692275/; classtype:trojan-activity;sid:84555375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692261)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"67.214.245.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_31; reference:url, urlhaus.abuse.ch/url/3692261/; classtype:trojan-activity;sid:84555361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692243)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"90.225.1.233"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_31; reference:url, urlhaus.abuse.ch/url/3692243/; classtype:trojan-activity;sid:84555343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692204)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.104.228.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_31; reference:url, urlhaus.abuse.ch/url/3692204/; classtype:trojan-activity;sid:84555304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692102)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_31; reference:url, urlhaus.abuse.ch/url/3692102/; classtype:trojan-activity;sid:84555202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3692077)"; flow:established,from_client; content:"GET"; http_method; content:"/files/6331503294/dpzcory.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_31; reference:url, urlhaus.abuse.ch/url/3692077/; classtype:trojan-activity;sid:84555177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691925)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.72.160.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_31; reference:url, urlhaus.abuse.ch/url/3691925/; classtype:trojan-activity;sid:84555025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691924)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"39.184.227.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_31; reference:url, urlhaus.abuse.ch/url/3691924/; classtype:trojan-activity;sid:84555024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691923)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"107.174.142.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_31; reference:url, urlhaus.abuse.ch/url/3691923/; classtype:trojan-activity;sid:84555023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691919)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"38.85.201.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_31; reference:url, urlhaus.abuse.ch/url/3691919/; classtype:trojan-activity;sid:84555019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691918)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.157.58.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_31; reference:url, urlhaus.abuse.ch/url/3691918/; classtype:trojan-activity;sid:84555018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691915)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.171.212.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_31; reference:url, urlhaus.abuse.ch/url/3691915/; classtype:trojan-activity;sid:84555015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691909)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"164.126.143.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_31; reference:url, urlhaus.abuse.ch/url/3691909/; classtype:trojan-activity;sid:84555009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691906)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"108.176.149.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_31; reference:url, urlhaus.abuse.ch/url/3691906/; classtype:trojan-activity;sid:84555006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691855)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.195.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_31; reference:url, urlhaus.abuse.ch/url/3691855/; classtype:trojan-activity;sid:84554955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691834)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.195.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_31; reference:url, urlhaus.abuse.ch/url/3691834/; classtype:trojan-activity;sid:84554934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691808)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.174.196.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_31; reference:url, urlhaus.abuse.ch/url/3691808/; classtype:trojan-activity;sid:84554908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691747)"; flow:established,from_client; content:"GET"; http_method; content:"/lqbjxcpx.msi"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"91.215.85.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_31; reference:url, urlhaus.abuse.ch/url/3691747/; classtype:trojan-activity;sid:84554847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691746)"; flow:established,from_client; content:"GET"; http_method; content:"/cl.vbs"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.215.85.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_31; reference:url, urlhaus.abuse.ch/url/3691746/; classtype:trojan-activity;sid:84554846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691740)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"196.251.114.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_31; reference:url, urlhaus.abuse.ch/url/3691740/; classtype:trojan-activity;sid:84554840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691737)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pm68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"196.251.114.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_31; reference:url, urlhaus.abuse.ch/url/3691737/; classtype:trojan-activity;sid:84554837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691735)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.114.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_31; reference:url, urlhaus.abuse.ch/url/3691735/; classtype:trojan-activity;sid:84554835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691736)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/px86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.114.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_31; reference:url, urlhaus.abuse.ch/url/3691736/; classtype:trojan-activity;sid:84554836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691733)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pmips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"196.251.114.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_31; reference:url, urlhaus.abuse.ch/url/3691733/; classtype:trojan-activity;sid:84554833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691689)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"37.49.148.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_31; reference:url, urlhaus.abuse.ch/url/3691689/; classtype:trojan-activity;sid:84554789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691690)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"37.49.148.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_31; reference:url, urlhaus.abuse.ch/url/3691690/; classtype:trojan-activity;sid:84554790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691691)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"37.49.148.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_31; reference:url, urlhaus.abuse.ch/url/3691691/; classtype:trojan-activity;sid:84554791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691692)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"37.49.148.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_31; reference:url, urlhaus.abuse.ch/url/3691692/; classtype:trojan-activity;sid:84554792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691695)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"37.49.148.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_31; reference:url, urlhaus.abuse.ch/url/3691695/; classtype:trojan-activity;sid:84554795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691696)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"37.49.148.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_31; reference:url, urlhaus.abuse.ch/url/3691696/; classtype:trojan-activity;sid:84554796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691688)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"37.49.148.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_31; reference:url, urlhaus.abuse.ch/url/3691688/; classtype:trojan-activity;sid:84554788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691685)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"37.49.148.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_31; reference:url, urlhaus.abuse.ch/url/3691685/; classtype:trojan-activity;sid:84554785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691667)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"37.49.148.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_31; reference:url, urlhaus.abuse.ch/url/3691667/; classtype:trojan-activity;sid:84554767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691625)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_31; reference:url, urlhaus.abuse.ch/url/3691625/; classtype:trojan-activity;sid:84554725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691617)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_31; reference:url, urlhaus.abuse.ch/url/3691617/; classtype:trojan-activity;sid:84554717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691605)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_31; reference:url, urlhaus.abuse.ch/url/3691605/; classtype:trojan-activity;sid:84554705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691533)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.143.172.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_30; reference:url, urlhaus.abuse.ch/url/3691533/; classtype:trojan-activity;sid:84554633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691518)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.143.172.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_30; reference:url, urlhaus.abuse.ch/url/3691518/; classtype:trojan-activity;sid:84554618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691488)"; flow:established,from_client; content:"GET"; http_method; content:"/88/m0uuou00uyuy00u0u/o090njhjh89jjjhjhdgf545jnbmmnb0jkhhjkkh0jfhddsd49hhgbn98ds3ddswe3dgfgggf0nnmb80nmuhuh.doc"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"172.245.95.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_30; reference:url, urlhaus.abuse.ch/url/3691488/; classtype:trojan-activity;sid:84554588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691487)"; flow:established,from_client; content:"GET"; http_method; content:"/88/m0uuou00uyuy00u0u/o090njhjh89jjjhjhdgf545jnbmmnb0jkhhjkkh0jfhddsd49hhgbn98ds3ddswe3dgfgggf0nnmb80nmuhuh.doc"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"172.245.95.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_30; reference:url, urlhaus.abuse.ch/url/3691487/; classtype:trojan-activity;sid:84554587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691455)"; flow:established,from_client; content:"GET"; http_method; content:"/svchron.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_30; reference:url, urlhaus.abuse.ch/url/3691455/; classtype:trojan-activity;sid:84554555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691443)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"118.89.73.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_30; reference:url, urlhaus.abuse.ch/url/3691443/; classtype:trojan-activity;sid:84554543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691444)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.137.149.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_30; reference:url, urlhaus.abuse.ch/url/3691444/; classtype:trojan-activity;sid:84554544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691445)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"124.70.100.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_30; reference:url, urlhaus.abuse.ch/url/3691445/; classtype:trojan-activity;sid:84554545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691440)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"179.43.186.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_30; reference:url, urlhaus.abuse.ch/url/3691440/; classtype:trojan-activity;sid:84554540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691431)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"113.22.192.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_30; reference:url, urlhaus.abuse.ch/url/3691431/; classtype:trojan-activity;sid:84554531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691428)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.77.200.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_30; reference:url, urlhaus.abuse.ch/url/3691428/; classtype:trojan-activity;sid:84554528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691423)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"62.151.0.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_30; reference:url, urlhaus.abuse.ch/url/3691423/; classtype:trojan-activity;sid:84554523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691294)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_30; reference:url, urlhaus.abuse.ch/url/3691294/; classtype:trojan-activity;sid:84554394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691224)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.88.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_30; reference:url, urlhaus.abuse.ch/url/3691224/; classtype:trojan-activity;sid:84554324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691166)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.i686"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.115.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_30; reference:url, urlhaus.abuse.ch/url/3691166/; classtype:trojan-activity;sid:84554266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691167)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.115.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_30; reference:url, urlhaus.abuse.ch/url/3691167/; classtype:trojan-activity;sid:84554267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691168)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"196.251.115.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_30; reference:url, urlhaus.abuse.ch/url/3691168/; classtype:trojan-activity;sid:84554268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691012)"; flow:established,from_client; content:"GET"; http_method; content:"/7526e77af84e4d3da650295a11488a99_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_30; reference:url, urlhaus.abuse.ch/url/3691012/; classtype:trojan-activity;sid:84554112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691013)"; flow:established,from_client; content:"GET"; http_method; content:"/approve"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"144.31.90.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_30; reference:url, urlhaus.abuse.ch/url/3691013/; classtype:trojan-activity;sid:84554113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691003)"; flow:established,from_client; content:"GET"; http_method; content:"/obfdownload2/task.dll"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"31.172.80.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_30; reference:url, urlhaus.abuse.ch/url/3691003/; classtype:trojan-activity;sid:84554103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3690970)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_30; reference:url, urlhaus.abuse.ch/url/3690970/; classtype:trojan-activity;sid:84554070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3690907)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.arc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"196.251.115.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_30; reference:url, urlhaus.abuse.ch/url/3690907/; classtype:trojan-activity;sid:84554007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3690900)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"196.251.115.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_30; reference:url, urlhaus.abuse.ch/url/3690900/; classtype:trojan-activity;sid:84554000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3690893)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/morte.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.115.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_30; reference:url, urlhaus.abuse.ch/url/3690893/; classtype:trojan-activity;sid:84553993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3690876)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.173.101.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_30; reference:url, urlhaus.abuse.ch/url/3690876/; classtype:trojan-activity;sid:84553976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3690868)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.101.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_30; reference:url, urlhaus.abuse.ch/url/3690868/; classtype:trojan-activity;sid:84553968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3690764)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.88.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_29; reference:url, urlhaus.abuse.ch/url/3690764/; classtype:trojan-activity;sid:84553864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3690721)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"154.198.49.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_29; reference:url, urlhaus.abuse.ch/url/3690721/; classtype:trojan-activity;sid:84553821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3690719)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"38.162.117.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_29; reference:url, urlhaus.abuse.ch/url/3690719/; classtype:trojan-activity;sid:84553819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3690716)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"136.115.102.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_29; reference:url, urlhaus.abuse.ch/url/3690716/; classtype:trojan-activity;sid:84553816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3690696)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"183.171.7.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_29; reference:url, urlhaus.abuse.ch/url/3690696/; classtype:trojan-activity;sid:84553796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3690697)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.194.20.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_29; reference:url, urlhaus.abuse.ch/url/3690697/; classtype:trojan-activity;sid:84553797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3690700)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"113.164.188.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_29; reference:url, urlhaus.abuse.ch/url/3690700/; classtype:trojan-activity;sid:84553800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3690703)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.87.37.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_29; reference:url, urlhaus.abuse.ch/url/3690703/; classtype:trojan-activity;sid:84553803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3690688)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"161.97.108.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_29; reference:url, urlhaus.abuse.ch/url/3690688/; classtype:trojan-activity;sid:84553788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3690667)"; flow:established,from_client; content:"GET"; http_method; content:"/xss/bof.js"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"polimakels.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_29; reference:url, urlhaus.abuse.ch/url/3690667/; classtype:trojan-activity;sid:84553767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3690666)"; flow:established,from_client; content:"GET"; http_method; content:"/xss/buf.js"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"polimakels.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_29; reference:url, urlhaus.abuse.ch/url/3690666/; classtype:trojan-activity;sid:84553766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3690626)"; flow:established,from_client; content:"GET"; http_method; content:"/emartors.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_29; reference:url, urlhaus.abuse.ch/url/3690626/; classtype:trojan-activity;sid:84553726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3690624)"; flow:established,from_client; content:"GET"; http_method; content:"/document.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_29; reference:url, urlhaus.abuse.ch/url/3690624/; classtype:trojan-activity;sid:84553724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3690616)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/theme-compat/toters.vbs"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"arhitectpitesti.ro"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_29; reference:url, urlhaus.abuse.ch/url/3690616/; classtype:trojan-activity;sid:84553716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3690476)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.150.45.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_29; reference:url, urlhaus.abuse.ch/url/3690476/; classtype:trojan-activity;sid:84553576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3690469)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.150.45.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_29; reference:url, urlhaus.abuse.ch/url/3690469/; classtype:trojan-activity;sid:84553569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3690462)"; flow:established,from_client; content:"GET"; http_method; content:"/qtkkkxlzuc.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"196.251.83.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_29; reference:url, urlhaus.abuse.ch/url/3690462/; classtype:trojan-activity;sid:84553562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3690463)"; flow:established,from_client; content:"GET"; http_method; content:"/shyogrqdb.mp3"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"196.251.83.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_29; reference:url, urlhaus.abuse.ch/url/3690463/; classtype:trojan-activity;sid:84553563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3690449)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7453936223/2o7gwsz.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_29; reference:url, urlhaus.abuse.ch/url/3690449/; classtype:trojan-activity;sid:84553549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3690296)"; flow:established,from_client; content:"GET"; http_method; content:"/mbjdf8dsh/plugins/clip64.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"23.94.145.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_29; reference:url, urlhaus.abuse.ch/url/3690296/; classtype:trojan-activity;sid:84553396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3690297)"; flow:established,from_client; content:"GET"; http_method; content:"/mbjdf8dsh/plugins/cred.dll"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"23.94.145.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_29; reference:url, urlhaus.abuse.ch/url/3690297/; classtype:trojan-activity;sid:84553397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3690298)"; flow:established,from_client; content:"GET"; http_method; content:"/mbjdf8dsh/plugins/cred64.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"23.94.145.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_29; reference:url, urlhaus.abuse.ch/url/3690298/; classtype:trojan-activity;sid:84553398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3690293)"; flow:established,from_client; content:"GET"; http_method; content:"/mbjdf8dsh/plugins/vnc.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"23.94.145.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_29; reference:url, urlhaus.abuse.ch/url/3690293/; classtype:trojan-activity;sid:84553393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3690295)"; flow:established,from_client; content:"GET"; http_method; content:"/mbjdf8dsh/plugins/clip.dll"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"23.94.145.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_29; reference:url, urlhaus.abuse.ch/url/3690295/; classtype:trojan-activity;sid:84553395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3690262)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"211.93.81.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_29; reference:url, urlhaus.abuse.ch/url/3690262/; classtype:trojan-activity;sid:84553362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3690186)"; flow:established,from_client; content:"GET"; http_method; content:"/20/items/msi-pro-with-b-64_20251024/msi_pro_with_b64.png"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"ia801507.us.archive.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_29; reference:url, urlhaus.abuse.ch/url/3690186/; classtype:trojan-activity;sid:84553286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3690139)"; flow:established,from_client; content:"GET"; http_method; content:"/aplikasi/athena777.apk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"athena777.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_29; reference:url, urlhaus.abuse.ch/url/3690139/; classtype:trojan-activity;sid:84553239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3690061)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.84.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_29; reference:url, urlhaus.abuse.ch/url/3690061/; classtype:trojan-activity;sid:84553161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689738)"; flow:established,from_client; content:"GET"; http_method; content:"/website/apk/kalyanmatka.apk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"kalyanmatka.world"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_28; reference:url, urlhaus.abuse.ch/url/3689738/; classtype:trojan-activity;sid:84552838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689726)"; flow:established,from_client; content:"GET"; http_method; content:"/rh_0.9.3.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_28; reference:url, urlhaus.abuse.ch/url/3689726/; classtype:trojan-activity;sid:84552826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689715)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.72.197.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_28; reference:url, urlhaus.abuse.ch/url/3689715/; classtype:trojan-activity;sid:84552815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689713)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.137.149.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_28; reference:url, urlhaus.abuse.ch/url/3689713/; classtype:trojan-activity;sid:84552813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689698)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"86.15.112.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_28; reference:url, urlhaus.abuse.ch/url/3689698/; classtype:trojan-activity;sid:84552798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689700)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"62.197.62.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_28; reference:url, urlhaus.abuse.ch/url/3689700/; classtype:trojan-activity;sid:84552800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689683)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.45.96.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_28; reference:url, urlhaus.abuse.ch/url/3689683/; classtype:trojan-activity;sid:84552783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689673)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.45.96.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_28; reference:url, urlhaus.abuse.ch/url/3689673/; classtype:trojan-activity;sid:84552773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689656)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.117.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_28; reference:url, urlhaus.abuse.ch/url/3689656/; classtype:trojan-activity;sid:84552756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689578)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.68.52.117"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_28; reference:url, urlhaus.abuse.ch/url/3689578/; classtype:trojan-activity;sid:84552678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689561)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.68.52.117"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_28; reference:url, urlhaus.abuse.ch/url/3689561/; classtype:trojan-activity;sid:84552661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689479)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.84.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_28; reference:url, urlhaus.abuse.ch/url/3689479/; classtype:trojan-activity;sid:84552579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689438)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.44.242.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_28; reference:url, urlhaus.abuse.ch/url/3689438/; classtype:trojan-activity;sid:84552538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689390)"; flow:established,from_client; content:"GET"; http_method; content:"/nueva%20carpeta/copi.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"hostphpwindowsdriversappssapo.duckdns.org"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2025_10_28; reference:url, urlhaus.abuse.ch/url/3689390/; classtype:trojan-activity;sid:84552490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689379)"; flow:established,from_client; content:"GET"; http_method; content:"/8e80f7c2f9fd401690d18a13bd88ea39_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_28; reference:url, urlhaus.abuse.ch/url/3689379/; classtype:trojan-activity;sid:84552479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689376)"; flow:established,from_client; content:"GET"; http_method; content:"/1494524d9e3b4685b5352708f1aa2787_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_28; reference:url, urlhaus.abuse.ch/url/3689376/; classtype:trojan-activity;sid:84552476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689377)"; flow:established,from_client; content:"GET"; http_method; content:"/3e53b583f4aa40c4a70628effea27720_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_28; reference:url, urlhaus.abuse.ch/url/3689377/; classtype:trojan-activity;sid:84552477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689378)"; flow:established,from_client; content:"GET"; http_method; content:"/11bcdfb61ed64e4bbf952803fb5c26c6_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_28; reference:url, urlhaus.abuse.ch/url/3689378/; classtype:trojan-activity;sid:84552478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689366)"; flow:established,from_client; content:"GET"; http_method; content:"/f3fa46ca3afc4d9fa1fd900f983dbbe4_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_28; reference:url, urlhaus.abuse.ch/url/3689366/; classtype:trojan-activity;sid:84552466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689367)"; flow:established,from_client; content:"GET"; http_method; content:"/4c729290b4914c0297f2c0f2e4b5706a_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_28; reference:url, urlhaus.abuse.ch/url/3689367/; classtype:trojan-activity;sid:84552467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689368)"; flow:established,from_client; content:"GET"; http_method; content:"/4c2b67a0d3d04d028f22b48b46e0265a_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_28; reference:url, urlhaus.abuse.ch/url/3689368/; classtype:trojan-activity;sid:84552468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689369)"; flow:established,from_client; content:"GET"; http_method; content:"/e7e4c41870d94bce9a385e421342063b_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_28; reference:url, urlhaus.abuse.ch/url/3689369/; classtype:trojan-activity;sid:84552469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689370)"; flow:established,from_client; content:"GET"; http_method; content:"/fb910d1e9a954836a2a3e355e6133e83_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_28; reference:url, urlhaus.abuse.ch/url/3689370/; classtype:trojan-activity;sid:84552470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689371)"; flow:established,from_client; content:"GET"; http_method; content:"/2473a890580547efb88bee207887e94b_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_28; reference:url, urlhaus.abuse.ch/url/3689371/; classtype:trojan-activity;sid:84552471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689372)"; flow:established,from_client; content:"GET"; http_method; content:"/81f2549f89634e88a5c53f428f7e9658_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_28; reference:url, urlhaus.abuse.ch/url/3689372/; classtype:trojan-activity;sid:84552472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689373)"; flow:established,from_client; content:"GET"; http_method; content:"/cdb28c61fb4645f29b9ddc59c6296ecf_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_28; reference:url, urlhaus.abuse.ch/url/3689373/; classtype:trojan-activity;sid:84552473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689374)"; flow:established,from_client; content:"GET"; http_method; content:"/b4d0da2ca74043a9bb094c846daf12d7_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_28; reference:url, urlhaus.abuse.ch/url/3689374/; classtype:trojan-activity;sid:84552474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689375)"; flow:established,from_client; content:"GET"; http_method; content:"/8bd0ebb69bd14edcbbc84237dd9555a4_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_28; reference:url, urlhaus.abuse.ch/url/3689375/; classtype:trojan-activity;sid:84552475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689350)"; flow:established,from_client; content:"GET"; http_method; content:"/dfdsvc.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_28; reference:url, urlhaus.abuse.ch/url/3689350/; classtype:trojan-activity;sid:84552450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689344)"; flow:established,from_client; content:"GET"; http_method; content:"/d/boss67971"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"217.119.139.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_28; reference:url, urlhaus.abuse.ch/url/3689344/; classtype:trojan-activity;sid:84552444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689345)"; flow:established,from_client; content:"GET"; http_method; content:"/stealc.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_28; reference:url, urlhaus.abuse.ch/url/3689345/; classtype:trojan-activity;sid:84552445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689346)"; flow:established,from_client; content:"GET"; http_method; content:"/xiobv.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_28; reference:url, urlhaus.abuse.ch/url/3689346/; classtype:trojan-activity;sid:84552446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689348)"; flow:established,from_client; content:"GET"; http_method; content:"/985d5479181846d4ad1c9efdd6d9d780_build.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_28; reference:url, urlhaus.abuse.ch/url/3689348/; classtype:trojan-activity;sid:84552448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689227)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"downloader.nvms9000.su"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_28; reference:url, urlhaus.abuse.ch/url/3689227/; classtype:trojan-activity;sid:84552327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689228)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"downloader.nvms9000.su"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_28; reference:url, urlhaus.abuse.ch/url/3689228/; classtype:trojan-activity;sid:84552328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689214)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.209.207.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_28; reference:url, urlhaus.abuse.ch/url/3689214/; classtype:trojan-activity;sid:84552314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689201)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.209.207.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_28; reference:url, urlhaus.abuse.ch/url/3689201/; classtype:trojan-activity;sid:84552301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689156)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"68.168.144.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3689156/; classtype:trojan-activity;sid:84552256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689034)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"217.24.176.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3689034/; classtype:trojan-activity;sid:84552134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689021)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"217.24.176.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3689021/; classtype:trojan-activity;sid:84552121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689016)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"115.190.178.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3689016/; classtype:trojan-activity;sid:84552116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689010)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"161.142.239.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3689010/; classtype:trojan-activity;sid:84552110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688995)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"183.171.49.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688995/; classtype:trojan-activity;sid:84552095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688996)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.234.173.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688996/; classtype:trojan-activity;sid:84552096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688997)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"183.171.7.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688997/; classtype:trojan-activity;sid:84552097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688999)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"153.174.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688999/; classtype:trojan-activity;sid:84552099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688941)"; flow:established,from_client; content:"GET"; http_method; content:"/limi/abounding_proposal.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"tajalrayhan.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688941/; classtype:trojan-activity;sid:84552041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688936)"; flow:established,from_client; content:"GET"; http_method; content:"/20250804.7z"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"access.dragongolf.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688936/; classtype:trojan-activity;sid:84552036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688823)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/video.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"118.209.200.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688823/; classtype:trojan-activity;sid:84551923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688822)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/photo.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"118.209.200.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688822/; classtype:trojan-activity;sid:84551922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688821)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/video.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"118.209.200.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688821/; classtype:trojan-activity;sid:84551921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688820)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/android/av.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"118.209.200.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688820/; classtype:trojan-activity;sid:84551920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688819)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/android/av.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"118.209.200.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688819/; classtype:trojan-activity;sid:84551919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688818)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/android/photo.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"118.209.200.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688818/; classtype:trojan-activity;sid:84551918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688817)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/android/video.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"118.209.200.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688817/; classtype:trojan-activity;sid:84551917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688816)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/av.scr"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"118.209.200.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688816/; classtype:trojan-activity;sid:84551916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688814)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/av.lnk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"118.209.200.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688814/; classtype:trojan-activity;sid:84551914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688815)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/android/photo.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"118.209.200.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688815/; classtype:trojan-activity;sid:84551915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688812)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/photo.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"118.209.200.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688812/; classtype:trojan-activity;sid:84551912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688813)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/android/video.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"118.209.200.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688813/; classtype:trojan-activity;sid:84551913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688791)"; flow:established,from_client; content:"GET"; http_method; content:"/10.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688791/; classtype:trojan-activity;sid:84551891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688731)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"72.29.46.195"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688731/; classtype:trojan-activity;sid:84551831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688726)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"193.111.78.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688726/; classtype:trojan-activity;sid:84551826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688720)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.111.78.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688720/; classtype:trojan-activity;sid:84551820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688722)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.111.78.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688722/; classtype:trojan-activity;sid:84551822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688723)"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.111.78.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688723/; classtype:trojan-activity;sid:84551823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688724)"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.111.78.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688724/; classtype:trojan-activity;sid:84551824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688725)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.111.78.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688725/; classtype:trojan-activity;sid:84551825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688716)"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.111.78.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688716/; classtype:trojan-activity;sid:84551816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688692)"; flow:established,from_client; content:"GET"; http_method; content:"/xmr.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688692/; classtype:trojan-activity;sid:84551792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688691)"; flow:established,from_client; content:"GET"; http_method; content:"/v.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688691/; classtype:trojan-activity;sid:84551791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688690)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688690/; classtype:trojan-activity;sid:84551790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688689)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.166.85.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688689/; classtype:trojan-activity;sid:84551789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688659)"; flow:established,from_client; content:"GET"; http_method; content:"/32.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688659/; classtype:trojan-activity;sid:84551759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688580)"; flow:established,from_client; content:"GET"; http_method; content:"/zocp.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688580/; classtype:trojan-activity;sid:84551680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688498)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.111.78.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688498/; classtype:trojan-activity;sid:84551598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688499)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"193.111.78.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688499/; classtype:trojan-activity;sid:84551599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688500)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.69.61.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688500/; classtype:trojan-activity;sid:84551600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688501)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.111.78.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688501/; classtype:trojan-activity;sid:84551601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688225)"; flow:established,from_client; content:"GET"; http_method; content:"/windyluvexecutor/executor.ppc"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"143.20.185.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_26; reference:url, urlhaus.abuse.ch/url/3688225/; classtype:trojan-activity;sid:84551325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688227)"; flow:established,from_client; content:"GET"; http_method; content:"/windyluvexecutor/executor.sh4"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"143.20.185.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_26; reference:url, urlhaus.abuse.ch/url/3688227/; classtype:trojan-activity;sid:84551327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688214)"; flow:established,from_client; content:"GET"; http_method; content:"/windyluvexecutor/executor.arm"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"143.20.185.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_26; reference:url, urlhaus.abuse.ch/url/3688214/; classtype:trojan-activity;sid:84551314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688217)"; flow:established,from_client; content:"GET"; http_method; content:"/windyluvexecutor/executor.mips"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"143.20.185.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_26; reference:url, urlhaus.abuse.ch/url/3688217/; classtype:trojan-activity;sid:84551317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688219)"; flow:established,from_client; content:"GET"; http_method; content:"/windyluvexecutor/executor.arm7"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"143.20.185.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_26; reference:url, urlhaus.abuse.ch/url/3688219/; classtype:trojan-activity;sid:84551319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688220)"; flow:established,from_client; content:"GET"; http_method; content:"/windyluvexecutor/executor.arm64"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"143.20.185.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_26; reference:url, urlhaus.abuse.ch/url/3688220/; classtype:trojan-activity;sid:84551320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688221)"; flow:established,from_client; content:"GET"; http_method; content:"/windyluvexecutor/executor.m68k"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"143.20.185.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_26; reference:url, urlhaus.abuse.ch/url/3688221/; classtype:trojan-activity;sid:84551321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688223)"; flow:established,from_client; content:"GET"; http_method; content:"/windyluvexecutor/executor.arm5"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"143.20.185.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_26; reference:url, urlhaus.abuse.ch/url/3688223/; classtype:trojan-activity;sid:84551323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688224)"; flow:established,from_client; content:"GET"; http_method; content:"/windyluvexecutor/executor.i686"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"143.20.185.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_26; reference:url, urlhaus.abuse.ch/url/3688224/; classtype:trojan-activity;sid:84551324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688178)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.85.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_26; reference:url, urlhaus.abuse.ch/url/3688178/; classtype:trojan-activity;sid:84551278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688160)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.250.184.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_26; reference:url, urlhaus.abuse.ch/url/3688160/; classtype:trojan-activity;sid:84551260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688129)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.78.212.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_26; reference:url, urlhaus.abuse.ch/url/3688129/; classtype:trojan-activity;sid:84551229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688123)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.79.244.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_26; reference:url, urlhaus.abuse.ch/url/3688123/; classtype:trojan-activity;sid:84551223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688124)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.117.211.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_26; reference:url, urlhaus.abuse.ch/url/3688124/; classtype:trojan-activity;sid:84551224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688118)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.254.164.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_26; reference:url, urlhaus.abuse.ch/url/3688118/; classtype:trojan-activity;sid:84551218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688113)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"171.235.204.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_26; reference:url, urlhaus.abuse.ch/url/3688113/; classtype:trojan-activity;sid:84551213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688005)"; flow:established,from_client; content:"GET"; http_method; content:"/10/items/msi-pro-with-b-64_20251023/msi_pro_with_b64.png"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"ia601400.us.archive.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_26; reference:url, urlhaus.abuse.ch/url/3688005/; classtype:trojan-activity;sid:84551105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687976)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32.uhavenobotsxd"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"94.154.35.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_26; reference:url, urlhaus.abuse.ch/url/3687976/; classtype:trojan-activity;sid:84551076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687923)"; flow:established,from_client; content:"GET"; http_method; content:"/gaagu0ehwesj9ia5lhlz4puhckc2bnov/1boi0txtjjwgzs1bzlecvjpguwqpye3k.exe"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"178.16.52.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_26; reference:url, urlhaus.abuse.ch/url/3687923/; classtype:trojan-activity;sid:84551023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687921)"; flow:established,from_client; content:"GET"; http_method; content:"/gaagu0ehwesj9ia5lhlz4puhckc2bnov/8gvk01wwwxhhto7bj1pwbajm8yonuuqf.exe"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"178.16.52.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_26; reference:url, urlhaus.abuse.ch/url/3687921/; classtype:trojan-activity;sid:84551021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687916)"; flow:established,from_client; content:"GET"; http_method; content:"/y6m2uw0dgi.js"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"filerit.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_26; reference:url, urlhaus.abuse.ch/url/3687916/; classtype:trojan-activity;sid:84551016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687914)"; flow:established,from_client; content:"GET"; http_method; content:"/4aa9fqc792.ps1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"pub-bfc34934a91a4893817098f73415917a.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_26; reference:url, urlhaus.abuse.ch/url/3687914/; classtype:trojan-activity;sid:84551014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687804)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"158.255.83.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_26; reference:url, urlhaus.abuse.ch/url/3687804/; classtype:trojan-activity;sid:84550904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687753)"; flow:established,from_client; content:"GET"; http_method; content:"/zibll001/ffff/refs/heads/main/web.sh"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_26; reference:url, urlhaus.abuse.ch/url/3687753/; classtype:trojan-activity;sid:84550853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687752)"; flow:established,from_client; content:"GET"; http_method; content:"/clipper.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_26; reference:url, urlhaus.abuse.ch/url/3687752/; classtype:trojan-activity;sid:84550852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687751)"; flow:established,from_client; content:"GET"; http_method; content:"/files/mr/random.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_26; reference:url, urlhaus.abuse.ch/url/3687751/; classtype:trojan-activity;sid:84550851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687326)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.68.110.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687326/; classtype:trojan-activity;sid:84550426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687314)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"27.79.60.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687314/; classtype:trojan-activity;sid:84550414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687316)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"105.214.63.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687316/; classtype:trojan-activity;sid:84550416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687294)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.68.110.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687294/; classtype:trojan-activity;sid:84550394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687233)"; flow:established,from_client; content:"GET"; http_method; content:"/b1n/arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"78.153.140.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687233/; classtype:trojan-activity;sid:84550333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687127)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.53.25.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687127/; classtype:trojan-activity;sid:84550227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687060)"; flow:established,from_client; content:"GET"; http_method; content:"/res"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"relais-logistique-colis.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687060/; classtype:trojan-activity;sid:84550160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687045)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.jesuisbon-le.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687045/; classtype:trojan-activity;sid:84550145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687046)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.lockersrelais2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687046/; classtype:trojan-activity;sid:84550146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687038)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.jesuisbon-le.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687038/; classtype:trojan-activity;sid:84550138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687039)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.lockersrelais2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687039/; classtype:trojan-activity;sid:84550139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687040)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.lockersrelais2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687040/; classtype:trojan-activity;sid:84550140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687042)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.lockersrelais2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687042/; classtype:trojan-activity;sid:84550142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687043)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.lockersrelais2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687043/; classtype:trojan-activity;sid:84550143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687044)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.lockersrelais2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687044/; classtype:trojan-activity;sid:84550144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687030)"; flow:established,from_client; content:"GET"; http_method; content:"/res"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"verif-mondial.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687030/; classtype:trojan-activity;sid:84550130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687031)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.jesuisbon-le.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687031/; classtype:trojan-activity;sid:84550131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687032)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.jesuisbon-le.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687032/; classtype:trojan-activity;sid:84550132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687034)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.jesuisbon-le.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687034/; classtype:trojan-activity;sid:84550134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687035)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.lockersrelais2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687035/; classtype:trojan-activity;sid:84550135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687036)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.jesuisbon-le.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687036/; classtype:trojan-activity;sid:84550136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687037)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.jesuisbon-le.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687037/; classtype:trojan-activity;sid:84550137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687029)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.jesuisbon-le.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687029/; classtype:trojan-activity;sid:84550129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687019)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.jesuisbon-le.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687019/; classtype:trojan-activity;sid:84550119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687020)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.lockersrelais2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687020/; classtype:trojan-activity;sid:84550120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687021)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.lockersrelais2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687021/; classtype:trojan-activity;sid:84550121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687022)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"www.lockersrelais2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687022/; classtype:trojan-activity;sid:84550122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687023)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.lockersrelais2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687023/; classtype:trojan-activity;sid:84550123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687024)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.jesuisbon-le.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687024/; classtype:trojan-activity;sid:84550124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687025)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.lockersrelais2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687025/; classtype:trojan-activity;sid:84550125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687026)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.jesuisbon-le.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687026/; classtype:trojan-activity;sid:84550126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687028)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.jesuisbon-le.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687028/; classtype:trojan-activity;sid:84550128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687016)"; flow:established,from_client; content:"GET"; http_method; content:"/res"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"jesuisbon-le.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687016/; classtype:trojan-activity;sid:84550116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687017)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.lockersrelais2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687017/; classtype:trojan-activity;sid:84550117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687018)"; flow:established,from_client; content:"GET"; http_method; content:"/res"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"relaislockers2025.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687018/; classtype:trojan-activity;sid:84550118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687015)"; flow:established,from_client; content:"GET"; http_method; content:"/res"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"lockersrelais2025.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687015/; classtype:trojan-activity;sid:84550115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687014)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"www.jesuisbon-le.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687014/; classtype:trojan-activity;sid:84550114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687010)"; flow:established,from_client; content:"GET"; http_method; content:"/res"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"www.lockersrelais2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687010/; classtype:trojan-activity;sid:84550110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687011)"; flow:established,from_client; content:"GET"; http_method; content:"/res"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mondial-infomyrelais.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687011/; classtype:trojan-activity;sid:84550111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687012)"; flow:established,from_client; content:"GET"; http_method; content:"/res"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"www.jesuisbon-le.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687012/; classtype:trojan-activity;sid:84550112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686998)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"portail-locker.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686998/; classtype:trojan-activity;sid:84550098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687001)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"portail-locker.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687001/; classtype:trojan-activity;sid:84550101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687003)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"portail-locker.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3687003/; classtype:trojan-activity;sid:84550103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686993)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"portail-locker.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686993/; classtype:trojan-activity;sid:84550093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686982)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"portail-locker.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686982/; classtype:trojan-activity;sid:84550082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686973)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"portail-locker.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686973/; classtype:trojan-activity;sid:84550073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686975)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"portail-locker.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686975/; classtype:trojan-activity;sid:84550075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686976)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"portail-locker.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686976/; classtype:trojan-activity;sid:84550076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686978)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"portail-locker.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686978/; classtype:trojan-activity;sid:84550078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686963)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"portail-locker.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686963/; classtype:trojan-activity;sid:84550063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686964)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.point-relais-lockers.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686964/; classtype:trojan-activity;sid:84550064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686966)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"portail-locker.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686966/; classtype:trojan-activity;sid:84550066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686959)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"portail-locker.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686959/; classtype:trojan-activity;sid:84550059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686962)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"portail-locker.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686962/; classtype:trojan-activity;sid:84550062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686949)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"point-relais-lockers.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686949/; classtype:trojan-activity;sid:84550049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686945)"; flow:established,from_client; content:"GET"; http_method; content:"/res"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"portail-locker.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686945/; classtype:trojan-activity;sid:84550045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686942)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"trajet-mondialrelay.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686942/; classtype:trojan-activity;sid:84550042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686940)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"point-relais-lockers.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686940/; classtype:trojan-activity;sid:84550040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686941)"; flow:established,from_client; content:"GET"; http_method; content:"/res"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"trajet-mondialrelay.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686941/; classtype:trojan-activity;sid:84550041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686931)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"trajet-mondialrelay.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686931/; classtype:trojan-activity;sid:84550031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686932)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"trajet-mondialrelay.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686932/; classtype:trojan-activity;sid:84550032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686933)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"point-relais-lockers.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686933/; classtype:trojan-activity;sid:84550033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686934)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"point-relais-lockers.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686934/; classtype:trojan-activity;sid:84550034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686935)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.point-relais-lockers.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686935/; classtype:trojan-activity;sid:84550035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686936)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"trajet-mondialrelay.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686936/; classtype:trojan-activity;sid:84550036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686937)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"point-relais-lockers.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686937/; classtype:trojan-activity;sid:84550037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686939)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"trajet-mondialrelay.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686939/; classtype:trojan-activity;sid:84550039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686928)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"trajet-mondialrelay.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686928/; classtype:trojan-activity;sid:84550028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686927)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"www.point-relais-lockers.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686927/; classtype:trojan-activity;sid:84550027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686917)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"point-relais-lockers.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686917/; classtype:trojan-activity;sid:84550017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686919)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"trajet-mondialrelay.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686919/; classtype:trojan-activity;sid:84550019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686921)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"trajet-mondialrelay.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686921/; classtype:trojan-activity;sid:84550021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686922)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"trajet-mondialrelay.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686922/; classtype:trojan-activity;sid:84550022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686923)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"trajet-mondialrelay.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686923/; classtype:trojan-activity;sid:84550023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686924)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"trajet-mondialrelay.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686924/; classtype:trojan-activity;sid:84550024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686925)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.point-relais-lockers.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686925/; classtype:trojan-activity;sid:84550025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686926)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"trajet-mondialrelay.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686926/; classtype:trojan-activity;sid:84550026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686897)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.point-relais-lockers.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686897/; classtype:trojan-activity;sid:84549997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686898)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.point-relais-lockers.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686898/; classtype:trojan-activity;sid:84549998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686899)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"point-relais-lockers.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686899/; classtype:trojan-activity;sid:84549999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686900)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.point-relais-lockers.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686900/; classtype:trojan-activity;sid:84550000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686901)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"point-relais-lockers.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686901/; classtype:trojan-activity;sid:84550001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686902)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"point-relais-lockers.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686902/; classtype:trojan-activity;sid:84550002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686904)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"point-relais-lockers.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686904/; classtype:trojan-activity;sid:84550004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686906)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.point-relais-lockers.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686906/; classtype:trojan-activity;sid:84550006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686909)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.point-relais-lockers.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686909/; classtype:trojan-activity;sid:84550009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686910)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.point-relais-lockers.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686910/; classtype:trojan-activity;sid:84550010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686912)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"trajet-mondialrelay.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686912/; classtype:trojan-activity;sid:84550012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686913)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.point-relais-lockers.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686913/; classtype:trojan-activity;sid:84550013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686914)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"point-relais-lockers.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686914/; classtype:trojan-activity;sid:84550014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686915)"; flow:established,from_client; content:"GET"; http_method; content:"/res"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"aktualizacjakonta.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686915/; classtype:trojan-activity;sid:84550015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686896)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.point-relais-lockers.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686896/; classtype:trojan-activity;sid:84549996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686895)"; flow:established,from_client; content:"GET"; http_method; content:"/res"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mondialrelay-trajet.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686895/; classtype:trojan-activity;sid:84549995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686893)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"point-relais-lockers.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686893/; classtype:trojan-activity;sid:84549993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686890)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.point-relais-lockers.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686890/; classtype:trojan-activity;sid:84549990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686891)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"point-relais-lockers.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686891/; classtype:trojan-activity;sid:84549991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686892)"; flow:established,from_client; content:"GET"; http_method; content:"/res"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"point-relais-lockers.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686892/; classtype:trojan-activity;sid:84549992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686889)"; flow:established,from_client; content:"GET"; http_method; content:"/res"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"www.point-relais-lockers.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686889/; classtype:trojan-activity;sid:84549989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686877)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.instruction-colis-2025.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686877/; classtype:trojan-activity;sid:84549977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686872)"; flow:established,from_client; content:"GET"; http_method; content:"/res"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"aaaaaaaaaaaaaaaaa.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686872/; classtype:trojan-activity;sid:84549972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686873)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"www.instruction-colis-2025.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686873/; classtype:trojan-activity;sid:84549973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686874)"; flow:established,from_client; content:"GET"; http_method; content:"/res"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"www.instruction-colis-2025.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686874/; classtype:trojan-activity;sid:84549974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686875)"; flow:established,from_client; content:"GET"; http_method; content:"/res"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"www.relais-livraison-colis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686875/; classtype:trojan-activity;sid:84549975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686876)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"www.logistik-dienstleistungen-portal.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686876/; classtype:trojan-activity;sid:84549976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686868)"; flow:established,from_client; content:"GET"; http_method; content:"/res"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"www.logistik-dienstleistungen-portal.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686868/; classtype:trojan-activity;sid:84549968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686861)"; flow:established,from_client; content:"GET"; http_method; content:"/res"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mylocker-mondial.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686861/; classtype:trojan-activity;sid:84549961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686862)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"mylocker-mondial.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686862/; classtype:trojan-activity;sid:84549962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686865)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"www.relais-livraison-colis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686865/; classtype:trojan-activity;sid:84549965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686866)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"www.mondial-infomyrelais.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686866/; classtype:trojan-activity;sid:84549966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686867)"; flow:established,from_client; content:"GET"; http_method; content:"/res"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"www.mondial-infomyrelais.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686867/; classtype:trojan-activity;sid:84549967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686857)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mylocker-mondial.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686857/; classtype:trojan-activity;sid:84549957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686858)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.relais-livraison-colis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686858/; classtype:trojan-activity;sid:84549958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686859)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.instruction-colis-2025.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686859/; classtype:trojan-activity;sid:84549959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686860)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.instruction-colis-2025.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686860/; classtype:trojan-activity;sid:84549960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686846)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.instruction-colis-2025.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686846/; classtype:trojan-activity;sid:84549946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686847)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.relais-livraison-colis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686847/; classtype:trojan-activity;sid:84549947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686848)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.relais-livraison-colis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686848/; classtype:trojan-activity;sid:84549948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686849)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.logistik-dienstleistungen-portal.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686849/; classtype:trojan-activity;sid:84549949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686850)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.relais-livraison-colis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686850/; classtype:trojan-activity;sid:84549950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686851)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.mondial-infomyrelais.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686851/; classtype:trojan-activity;sid:84549951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686852)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.logistik-dienstleistungen-portal.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686852/; classtype:trojan-activity;sid:84549952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686853)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.instruction-colis-2025.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686853/; classtype:trojan-activity;sid:84549953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686854)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.relais-livraison-colis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686854/; classtype:trojan-activity;sid:84549954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686855)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.instruction-colis-2025.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686855/; classtype:trojan-activity;sid:84549955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686856)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.instruction-colis-2025.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686856/; classtype:trojan-activity;sid:84549956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686842)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.logistik-dienstleistungen-portal.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686842/; classtype:trojan-activity;sid:84549942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686843)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.mondial-infomyrelais.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686843/; classtype:trojan-activity;sid:84549943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686844)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.mondial-infomyrelais.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686844/; classtype:trojan-activity;sid:84549944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686845)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mylocker-mondial.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686845/; classtype:trojan-activity;sid:84549945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686840)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.instruction-colis-2025.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686840/; classtype:trojan-activity;sid:84549940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686841)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.mondial-infomyrelais.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686841/; classtype:trojan-activity;sid:84549941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686829)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.logistik-dienstleistungen-portal.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686829/; classtype:trojan-activity;sid:84549929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686830)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.logistik-dienstleistungen-portal.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686830/; classtype:trojan-activity;sid:84549930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686831)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mylocker-mondial.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686831/; classtype:trojan-activity;sid:84549931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686832)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.logistik-dienstleistungen-portal.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686832/; classtype:trojan-activity;sid:84549932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686833)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mylocker-mondial.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686833/; classtype:trojan-activity;sid:84549933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686834)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.logistik-dienstleistungen-portal.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686834/; classtype:trojan-activity;sid:84549934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686835)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.relais-livraison-colis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686835/; classtype:trojan-activity;sid:84549935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686836)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.mondial-infomyrelais.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686836/; classtype:trojan-activity;sid:84549936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686837)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mylocker-mondial.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686837/; classtype:trojan-activity;sid:84549937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686838)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.instruction-colis-2025.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686838/; classtype:trojan-activity;sid:84549938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686839)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mylocker-mondial.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686839/; classtype:trojan-activity;sid:84549939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686814)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.mondial-infomyrelais.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686814/; classtype:trojan-activity;sid:84549914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686815)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mylocker-mondial.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686815/; classtype:trojan-activity;sid:84549915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686816)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.mondial-infomyrelais.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686816/; classtype:trojan-activity;sid:84549916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686817)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mylocker-mondial.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686817/; classtype:trojan-activity;sid:84549917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686818)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mylocker-mondial.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686818/; classtype:trojan-activity;sid:84549918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686819)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.relais-livraison-colis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686819/; classtype:trojan-activity;sid:84549919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686820)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mylocker-mondial.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686820/; classtype:trojan-activity;sid:84549920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686821)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.mondial-infomyrelais.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686821/; classtype:trojan-activity;sid:84549921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686822)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.logistik-dienstleistungen-portal.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686822/; classtype:trojan-activity;sid:84549922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686823)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.instruction-colis-2025.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686823/; classtype:trojan-activity;sid:84549923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686824)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.mondial-infomyrelais.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686824/; classtype:trojan-activity;sid:84549924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686825)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.logistik-dienstleistungen-portal.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686825/; classtype:trojan-activity;sid:84549925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686826)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.logistik-dienstleistungen-portal.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686826/; classtype:trojan-activity;sid:84549926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686827)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.relais-livraison-colis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686827/; classtype:trojan-activity;sid:84549927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686828)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.relais-livraison-colis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686828/; classtype:trojan-activity;sid:84549928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686813)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.mondial-infomyrelais.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686813/; classtype:trojan-activity;sid:84549913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686810)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.relais-livraison-colis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686810/; classtype:trojan-activity;sid:84549910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686811)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mylocker-mondial.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686811/; classtype:trojan-activity;sid:84549911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686812)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.relais-livraison-colis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686812/; classtype:trojan-activity;sid:84549912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686806)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.mondial-infomyrelais.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686806/; classtype:trojan-activity;sid:84549906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686807)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.logistik-dienstleistungen-portal.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686807/; classtype:trojan-activity;sid:84549907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686808)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mylocker-mondial.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686808/; classtype:trojan-activity;sid:84549908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686809)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.mondial-infomyrelais.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686809/; classtype:trojan-activity;sid:84549909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686802)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.instruction-colis-2025.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686802/; classtype:trojan-activity;sid:84549902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686803)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.relais-livraison-colis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686803/; classtype:trojan-activity;sid:84549903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686804)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.instruction-colis-2025.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686804/; classtype:trojan-activity;sid:84549904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686805)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.logistik-dienstleistungen-portal.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686805/; classtype:trojan-activity;sid:84549905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686795)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"www.relaislockers2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686795/; classtype:trojan-activity;sid:84549895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686789)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"www.regularize-evitar.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686789/; classtype:trojan-activity;sid:84549889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686791)"; flow:established,from_client; content:"GET"; http_method; content:"/res"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"www.netflx-assinatura-colecaos.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686791/; classtype:trojan-activity;sid:84549891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686792)"; flow:established,from_client; content:"GET"; http_method; content:"/res"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"www.relaislockers2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686792/; classtype:trojan-activity;sid:84549892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686793)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"www.netflx-assinatura-colecaos.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686793/; classtype:trojan-activity;sid:84549893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686794)"; flow:established,from_client; content:"GET"; http_method; content:"/res"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"www.regularize-evitar.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686794/; classtype:trojan-activity;sid:84549894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686787)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.netflx-assinatura-colecaos.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686787/; classtype:trojan-activity;sid:84549887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686780)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.netflx-assinatura-colecaos.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686780/; classtype:trojan-activity;sid:84549880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686781)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.netflx-assinatura-colecaos.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686781/; classtype:trojan-activity;sid:84549881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686782)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.relaislockers2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686782/; classtype:trojan-activity;sid:84549882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686784)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.relaislockers2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686784/; classtype:trojan-activity;sid:84549884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686785)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.netflx-assinatura-colecaos.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686785/; classtype:trojan-activity;sid:84549885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686778)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.relaislockers2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686778/; classtype:trojan-activity;sid:84549878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686776)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.relaislockers2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686776/; classtype:trojan-activity;sid:84549876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686772)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.netflx-assinatura-colecaos.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686772/; classtype:trojan-activity;sid:84549872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686773)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.relaislockers2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686773/; classtype:trojan-activity;sid:84549873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686774)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.relaislockers2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686774/; classtype:trojan-activity;sid:84549874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686770)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.netflx-assinatura-colecaos.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686770/; classtype:trojan-activity;sid:84549870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686739)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.relaislockers2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686739/; classtype:trojan-activity;sid:84549839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686740)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.relaislockers2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686740/; classtype:trojan-activity;sid:84549840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686741)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.relaislockers2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686741/; classtype:trojan-activity;sid:84549841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686742)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.regularize-evitar.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686742/; classtype:trojan-activity;sid:84549842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686745)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.netflx-assinatura-colecaos.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686745/; classtype:trojan-activity;sid:84549845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686746)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.regularize-evitar.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686746/; classtype:trojan-activity;sid:84549846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686748)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.regularize-evitar.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686748/; classtype:trojan-activity;sid:84549848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686749)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.regularize-evitar.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686749/; classtype:trojan-activity;sid:84549849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686750)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.regularize-evitar.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686750/; classtype:trojan-activity;sid:84549850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686751)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.netflx-assinatura-colecaos.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686751/; classtype:trojan-activity;sid:84549851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686752)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.netflx-assinatura-colecaos.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686752/; classtype:trojan-activity;sid:84549852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686753)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.relaislockers2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686753/; classtype:trojan-activity;sid:84549853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686756)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.regularize-evitar.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686756/; classtype:trojan-activity;sid:84549856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686757)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.netflx-assinatura-colecaos.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686757/; classtype:trojan-activity;sid:84549857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686758)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.regularize-evitar.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686758/; classtype:trojan-activity;sid:84549858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686759)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.regularize-evitar.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686759/; classtype:trojan-activity;sid:84549859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686760)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.regularize-evitar.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686760/; classtype:trojan-activity;sid:84549860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686761)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.regularize-evitar.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686761/; classtype:trojan-activity;sid:84549861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686762)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.netflx-assinatura-colecaos.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686762/; classtype:trojan-activity;sid:84549862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686765)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.relaislockers2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686765/; classtype:trojan-activity;sid:84549865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686767)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.regularize-evitar.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686767/; classtype:trojan-activity;sid:84549867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686768)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.regularize-evitar.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686768/; classtype:trojan-activity;sid:84549868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686738)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.relaislockers2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686738/; classtype:trojan-activity;sid:84549838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686737)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.netflx-assinatura-colecaos.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686737/; classtype:trojan-activity;sid:84549837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686732)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.multas-impagas2025.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686732/; classtype:trojan-activity;sid:84549832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686730)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.multas-impagas2025.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686730/; classtype:trojan-activity;sid:84549830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686731)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.multas-impagas2025.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686731/; classtype:trojan-activity;sid:84549831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686726)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"www.multas-impagas2025.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686726/; classtype:trojan-activity;sid:84549826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686727)"; flow:established,from_client; content:"GET"; http_method; content:"/res"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"www.multas-impagas2025.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686727/; classtype:trojan-activity;sid:84549827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686728)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.multas-impagas2025.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686728/; classtype:trojan-activity;sid:84549828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686718)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.multas-impagas2025.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686718/; classtype:trojan-activity;sid:84549818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686719)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.multas-impagas2025.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686719/; classtype:trojan-activity;sid:84549819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686720)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.multas-impagas2025.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686720/; classtype:trojan-activity;sid:84549820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686721)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.multas-impagas2025.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686721/; classtype:trojan-activity;sid:84549821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686722)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.multas-impagas2025.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686722/; classtype:trojan-activity;sid:84549822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686723)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.multas-impagas2025.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686723/; classtype:trojan-activity;sid:84549823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686724)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.multas-impagas2025.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686724/; classtype:trojan-activity;sid:84549824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686725)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.multas-impagas2025.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686725/; classtype:trojan-activity;sid:84549825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686717)"; flow:established,from_client; content:"GET"; http_method; content:"/nonrendition.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"162.241.70.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686717/; classtype:trojan-activity;sid:84549817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686708)"; flow:established,from_client; content:"GET"; http_method; content:"/yyy.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"158.94.208.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686708/; classtype:trojan-activity;sid:84549808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686646)"; flow:established,from_client; content:"GET"; http_method; content:"/hmfd8ejds/plugins/vnc.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"www.logrecovery.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686646/; classtype:trojan-activity;sid:84549746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686647)"; flow:established,from_client; content:"GET"; http_method; content:"/hmfd8ejds/plugins/cred64.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"mail.logrecovery.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686647/; classtype:trojan-activity;sid:84549747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686648)"; flow:established,from_client; content:"GET"; http_method; content:"/hmfd8ejds/plugins/clip64.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"mail.logrecovery.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686648/; classtype:trojan-activity;sid:84549748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686649)"; flow:established,from_client; content:"GET"; http_method; content:"/hmfd8ejds/plugins/vnc.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"mail.logrecovery.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686649/; classtype:trojan-activity;sid:84549749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686645)"; flow:established,from_client; content:"GET"; http_method; content:"/hmfd8ejds/plugins/clip64.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"196.251.81.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686645/; classtype:trojan-activity;sid:84549745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686634)"; flow:established,from_client; content:"GET"; http_method; content:"/hmfd8ejds/plugins/clip.dll"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"mail.logrecovery.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686634/; classtype:trojan-activity;sid:84549734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686635)"; flow:established,from_client; content:"GET"; http_method; content:"/hmfd8ejds/plugins/cred.dll"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"ns2.logrecovery.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686635/; classtype:trojan-activity;sid:84549735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686636)"; flow:established,from_client; content:"GET"; http_method; content:"/hmfd8ejds/plugins/clip64.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"www.logrecovery.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686636/; classtype:trojan-activity;sid:84549736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686637)"; flow:established,from_client; content:"GET"; http_method; content:"/hmfd8ejds/plugins/cred.dll"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"www.logrecovery.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686637/; classtype:trojan-activity;sid:84549737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686638)"; flow:established,from_client; content:"GET"; http_method; content:"/hmfd8ejds/plugins/clip.dll"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"ns2.logrecovery.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686638/; classtype:trojan-activity;sid:84549738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686639)"; flow:established,from_client; content:"GET"; http_method; content:"/hmfd8ejds/plugins/clip64.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"ns2.logrecovery.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686639/; classtype:trojan-activity;sid:84549739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686640)"; flow:established,from_client; content:"GET"; http_method; content:"/hmfd8ejds/plugins/cred64.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"ns2.logrecovery.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686640/; classtype:trojan-activity;sid:84549740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686642)"; flow:established,from_client; content:"GET"; http_method; content:"/hmfd8ejds/plugins/cred.dll"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"mail.logrecovery.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686642/; classtype:trojan-activity;sid:84549742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686643)"; flow:established,from_client; content:"GET"; http_method; content:"/hmfd8ejds/plugins/cred64.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"www.logrecovery.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686643/; classtype:trojan-activity;sid:84549743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686644)"; flow:established,from_client; content:"GET"; http_method; content:"/hmfd8ejds/plugins/vnc.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"ns2.logrecovery.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686644/; classtype:trojan-activity;sid:84549744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686633)"; flow:established,from_client; content:"GET"; http_method; content:"/hmfd8ejds/plugins/clip.dll"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"www.logrecovery.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686633/; classtype:trojan-activity;sid:84549733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686631)"; flow:established,from_client; content:"GET"; http_method; content:"/hmfd8ejds/plugins/cred64.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"196.251.81.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686631/; classtype:trojan-activity;sid:84549731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686632)"; flow:established,from_client; content:"GET"; http_method; content:"/hmfd8ejds/plugins/cred.dll"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"196.251.81.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686632/; classtype:trojan-activity;sid:84549732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686629)"; flow:established,from_client; content:"GET"; http_method; content:"/hmfd8ejds/plugins/vnc.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"196.251.81.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686629/; classtype:trojan-activity;sid:84549729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686630)"; flow:established,from_client; content:"GET"; http_method; content:"/hmfd8ejds/plugins/clip.dll"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"196.251.81.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686630/; classtype:trojan-activity;sid:84549730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686627)"; flow:established,from_client; content:"GET"; http_method; content:"/hmfd8ejds/plugins/clip64.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"logrecovery.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686627/; classtype:trojan-activity;sid:84549727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686625)"; flow:established,from_client; content:"GET"; http_method; content:"/hmfd8ejds/plugins/cred64.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"logrecovery.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686625/; classtype:trojan-activity;sid:84549725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686622)"; flow:established,from_client; content:"GET"; http_method; content:"/hmfd8ejds/plugins/cred.dll"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"logrecovery.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686622/; classtype:trojan-activity;sid:84549722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686623)"; flow:established,from_client; content:"GET"; http_method; content:"/hmfd8ejds/plugins/vnc.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"logrecovery.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686623/; classtype:trojan-activity;sid:84549723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686624)"; flow:established,from_client; content:"GET"; http_method; content:"/hmfd8ejds/plugins/clip.dll"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"logrecovery.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686624/; classtype:trojan-activity;sid:84549724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686574)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.53.25.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686574/; classtype:trojan-activity;sid:84549674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686568)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.94.167.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686568/; classtype:trojan-activity;sid:84549668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686397)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.83.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_25; reference:url, urlhaus.abuse.ch/url/3686397/; classtype:trojan-activity;sid:84549497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686380)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc.uhavenobotsxd"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"94.154.35.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686380/; classtype:trojan-activity;sid:84549480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686381)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel.uhavenobotsxd"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"94.154.35.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686381/; classtype:trojan-activity;sid:84549481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686382)"; flow:established,from_client; content:"GET"; http_method; content:"/arm.uhavenobotsxd"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"94.154.35.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686382/; classtype:trojan-activity;sid:84549482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686383)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5.uhavenobotsxd"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"94.154.35.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686383/; classtype:trojan-activity;sid:84549483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686384)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7.uhavenobotsxd"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"94.154.35.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686384/; classtype:trojan-activity;sid:84549484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686385)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6.uhavenobotsxd"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"94.154.35.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686385/; classtype:trojan-activity;sid:84549485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686386)"; flow:established,from_client; content:"GET"; http_method; content:"/mips.uhavenobotsxd"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"94.154.35.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686386/; classtype:trojan-activity;sid:84549486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686326)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"92.20.93.205"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686326/; classtype:trojan-activity;sid:84549426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686286)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.166.85.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686286/; classtype:trojan-activity;sid:84549386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686281)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.225.231.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686281/; classtype:trojan-activity;sid:84549381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686277)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.187.35.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686277/; classtype:trojan-activity;sid:84549377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686254)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"depot-marchandise.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686254/; classtype:trojan-activity;sid:84549354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686248)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"instruction-colis-2025.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686248/; classtype:trojan-activity;sid:84549348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686249)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"regularize-evitar.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686249/; classtype:trojan-activity;sid:84549349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686250)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"relais-logistique-colis.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686250/; classtype:trojan-activity;sid:84549350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686252)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"jereservelocker.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686252/; classtype:trojan-activity;sid:84549352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686245)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"verif-mondial.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686245/; classtype:trojan-activity;sid:84549345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686243)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"lockersrelais2025.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686243/; classtype:trojan-activity;sid:84549343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686244)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"logistik-dienstleistungen-portal.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686244/; classtype:trojan-activity;sid:84549344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686242)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mondial-infomyrelais.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686242/; classtype:trojan-activity;sid:84549342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686228)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"envoi-frais-info.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686228/; classtype:trojan-activity;sid:84549328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686229)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"depot-marchandise.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686229/; classtype:trojan-activity;sid:84549329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686230)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"aktualizacjakonta.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686230/; classtype:trojan-activity;sid:84549330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686231)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"aktualizacjakonta.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686231/; classtype:trojan-activity;sid:84549331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686232)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"instruction-colis-2025.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686232/; classtype:trojan-activity;sid:84549332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686234)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"relais-logistique-colis.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686234/; classtype:trojan-activity;sid:84549334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686236)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"formulaire-mondialrelay-fr.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686236/; classtype:trojan-activity;sid:84549336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686237)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"dgt-2025.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686237/; classtype:trojan-activity;sid:84549337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686238)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"livraisons-en-attente.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686238/; classtype:trojan-activity;sid:84549338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686239)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"colis-en-attente-2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686239/; classtype:trojan-activity;sid:84549339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686240)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"envoi-frais-info.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686240/; classtype:trojan-activity;sid:84549340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686224)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"colis-mondial.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686224/; classtype:trojan-activity;sid:84549324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686225)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"connexion-support.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686225/; classtype:trojan-activity;sid:84549325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686226)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"relais-logistique-colis.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686226/; classtype:trojan-activity;sid:84549326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686208)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mondialrelay-trajet.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686208/; classtype:trojan-activity;sid:84549308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686209)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"relaislockers2025.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686209/; classtype:trojan-activity;sid:84549309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686210)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"relais-logistique-colis.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686210/; classtype:trojan-activity;sid:84549310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686211)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"colis-mondial.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686211/; classtype:trojan-activity;sid:84549311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686212)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"paketzustellungen.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686212/; classtype:trojan-activity;sid:84549312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686213)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"relais-livraison-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686213/; classtype:trojan-activity;sid:84549313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686214)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"relaislockers2025.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686214/; classtype:trojan-activity;sid:84549314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686215)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"csomagklds-2025.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686215/; classtype:trojan-activity;sid:84549315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686216)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"colis-suspendu-2025.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686216/; classtype:trojan-activity;sid:84549316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686217)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"relaislockers2025.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686217/; classtype:trojan-activity;sid:84549317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686218)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"relais-livraison-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686218/; classtype:trojan-activity;sid:84549318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686219)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"livraisons-en-attente.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686219/; classtype:trojan-activity;sid:84549319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686220)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"aktualizacjakonta.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686220/; classtype:trojan-activity;sid:84549320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686221)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"colis-suspendu-2025.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686221/; classtype:trojan-activity;sid:84549321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686222)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"aaaaaaaaaaaaaaaaa.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686222/; classtype:trojan-activity;sid:84549322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686205)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"instructions-de-colis.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686205/; classtype:trojan-activity;sid:84549305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686206)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"csomagklds-2025.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686206/; classtype:trojan-activity;sid:84549306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686207)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"dgt-2025.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686207/; classtype:trojan-activity;sid:84549307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686201)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"regularize-evitar.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686201/; classtype:trojan-activity;sid:84549301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686202)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"relais-livraison-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686202/; classtype:trojan-activity;sid:84549302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686203)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"colis-en-attente-2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686203/; classtype:trojan-activity;sid:84549303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686204)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"jereservelocker.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686204/; classtype:trojan-activity;sid:84549304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686197)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"entrepots-colis-2025.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686197/; classtype:trojan-activity;sid:84549297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686198)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"livraisons-en-attente.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686198/; classtype:trojan-activity;sid:84549298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686199)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mondialrelay-formulaire.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686199/; classtype:trojan-activity;sid:84549299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686200)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"info-paiement-relais.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686200/; classtype:trojan-activity;sid:84549300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686193)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"connexion-support.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686193/; classtype:trojan-activity;sid:84549293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686194)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"logistik-dienstleistungen-portal.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686194/; classtype:trojan-activity;sid:84549294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686195)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"relais-logistique-colis.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686195/; classtype:trojan-activity;sid:84549295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686196)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"paketzustellungen.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686196/; classtype:trojan-activity;sid:84549296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686185)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mondialrelay-trajet.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686185/; classtype:trojan-activity;sid:84549285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686186)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mondial-infomyrelais.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686186/; classtype:trojan-activity;sid:84549286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686188)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"depot-marchandise.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686188/; classtype:trojan-activity;sid:84549288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686189)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"verif-mondial.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686189/; classtype:trojan-activity;sid:84549289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686190)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"suivimoncolis-mondialrelais.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686190/; classtype:trojan-activity;sid:84549290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686191)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"netflx-assinatura-colecaos.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686191/; classtype:trojan-activity;sid:84549291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686192)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"suivimoncolis-mondialrelais.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686192/; classtype:trojan-activity;sid:84549292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686180)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"jesuisbon-le.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686180/; classtype:trojan-activity;sid:84549280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686181)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"relaislockers2025.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686181/; classtype:trojan-activity;sid:84549281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686182)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"avisderecherche-valbarelle.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686182/; classtype:trojan-activity;sid:84549282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686183)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"suivimoncolis-mondialrelais.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686183/; classtype:trojan-activity;sid:84549283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686184)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"avisderecherche-valbarelle.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686184/; classtype:trojan-activity;sid:84549284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686176)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mondialrelay-trajet.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686176/; classtype:trojan-activity;sid:84549276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686177)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"jereservelocker.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686177/; classtype:trojan-activity;sid:84549277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686178)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"aaaaaaaaaaaaaaaaa.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686178/; classtype:trojan-activity;sid:84549278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686179)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"connexion-support.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686179/; classtype:trojan-activity;sid:84549279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686171)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"relaislockers2025.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686171/; classtype:trojan-activity;sid:84549271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686172)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"instructions-de-colis.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686172/; classtype:trojan-activity;sid:84549272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686173)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"verif-mondial.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686173/; classtype:trojan-activity;sid:84549273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686174)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"relais-livraison-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686174/; classtype:trojan-activity;sid:84549274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686167)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"entrepots-colis-2025.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686167/; classtype:trojan-activity;sid:84549267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686168)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"jereservelocker.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686168/; classtype:trojan-activity;sid:84549268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686169)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"jesuisbon-le.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686169/; classtype:trojan-activity;sid:84549269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686170)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"envoi-frais-info.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686170/; classtype:trojan-activity;sid:84549270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686156)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"jereservelocker.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686156/; classtype:trojan-activity;sid:84549256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686158)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"dgt-2025.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686158/; classtype:trojan-activity;sid:84549258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686159)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"entrepots-colis-2025.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686159/; classtype:trojan-activity;sid:84549259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686160)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"colis-en-attente-2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686160/; classtype:trojan-activity;sid:84549260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686161)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mondialrelay-formulaire.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686161/; classtype:trojan-activity;sid:84549261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686162)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"relais-livraison-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686162/; classtype:trojan-activity;sid:84549262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686163)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"lockersrelais2025.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686163/; classtype:trojan-activity;sid:84549263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686165)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"paketzustellungen.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686165/; classtype:trojan-activity;sid:84549265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686166)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"livraisons-en-attente.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686166/; classtype:trojan-activity;sid:84549266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686152)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"votre-livraison-colis.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686152/; classtype:trojan-activity;sid:84549252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686153)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"avisderecherche-valbarelle.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686153/; classtype:trojan-activity;sid:84549253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686154)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"verif-mondial.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686154/; classtype:trojan-activity;sid:84549254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686155)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"relais-livraison-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686155/; classtype:trojan-activity;sid:84549255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686148)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"lockersrelais2025.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686148/; classtype:trojan-activity;sid:84549248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686149)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"logistik-dienstleistungen-portal.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686149/; classtype:trojan-activity;sid:84549249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686150)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"relaislockers2025.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686150/; classtype:trojan-activity;sid:84549250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686151)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"jereservelocker.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686151/; classtype:trojan-activity;sid:84549251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686144)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"envoi-frais-info.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686144/; classtype:trojan-activity;sid:84549244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686145)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"livraisons-en-attente.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686145/; classtype:trojan-activity;sid:84549245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686146)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"mondialrelay-formulaire.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686146/; classtype:trojan-activity;sid:84549246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686147)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"envoi-frais-info.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686147/; classtype:trojan-activity;sid:84549247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686136)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"dgt-2025.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686136/; classtype:trojan-activity;sid:84549236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686137)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"livraisons-en-attente.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686137/; classtype:trojan-activity;sid:84549237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686138)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"entrepots-colis-2025.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686138/; classtype:trojan-activity;sid:84549238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686139)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"colis-suspendu-2025.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686139/; classtype:trojan-activity;sid:84549239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686140)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"jesuisbon-le.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686140/; classtype:trojan-activity;sid:84549240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686142)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"relais-logistique-colis.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686142/; classtype:trojan-activity;sid:84549242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686143)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"lockersrelais2025.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686143/; classtype:trojan-activity;sid:84549243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686122)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mondial-infomyrelais.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686122/; classtype:trojan-activity;sid:84549222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686123)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"depot-marchandise.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686123/; classtype:trojan-activity;sid:84549223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686124)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"suivimoncolis-mondialrelais.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686124/; classtype:trojan-activity;sid:84549224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686125)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"info-paiement-relais.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686125/; classtype:trojan-activity;sid:84549225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686126)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"csomagklds-2025.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686126/; classtype:trojan-activity;sid:84549226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686127)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"jesuisbon-le.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686127/; classtype:trojan-activity;sid:84549227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686129)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"votre-livraison-colis.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686129/; classtype:trojan-activity;sid:84549229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686130)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mondial-infomyrelais.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686130/; classtype:trojan-activity;sid:84549230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686131)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"netflx-assinatura-colecaos.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686131/; classtype:trojan-activity;sid:84549231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686132)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"livraison-en-attente.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686132/; classtype:trojan-activity;sid:84549232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686133)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"colis-mondial.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686133/; classtype:trojan-activity;sid:84549233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686134)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"votre-livraison-colis.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686134/; classtype:trojan-activity;sid:84549234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686117)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"colis-en-attente-2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686117/; classtype:trojan-activity;sid:84549217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686119)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"avisderecherche-valbarelle.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686119/; classtype:trojan-activity;sid:84549219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686120)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"verif-mondial.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686120/; classtype:trojan-activity;sid:84549220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686113)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"logistik-dienstleistungen-portal.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686113/; classtype:trojan-activity;sid:84549213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686114)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mondialrelay-fr-formulaire.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686114/; classtype:trojan-activity;sid:84549214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686115)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"depot-marchandise.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686115/; classtype:trojan-activity;sid:84549215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686116)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"connexion-support.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686116/; classtype:trojan-activity;sid:84549216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686109)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mondial-infomyrelais.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686109/; classtype:trojan-activity;sid:84549209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686110)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"colis-mondial.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686110/; classtype:trojan-activity;sid:84549210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686111)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"netflx-assinatura-colecaos.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686111/; classtype:trojan-activity;sid:84549211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686107)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"logistik-dienstleistungen-portal.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686107/; classtype:trojan-activity;sid:84549207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686108)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"envoi-frais-info.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686108/; classtype:trojan-activity;sid:84549208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686096)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"netflx-assinatura-colecao.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686096/; classtype:trojan-activity;sid:84549196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686097)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"regularize-evitar.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686097/; classtype:trojan-activity;sid:84549197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686098)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"colis-en-attente-2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686098/; classtype:trojan-activity;sid:84549198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686099)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"relais-livraison-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686099/; classtype:trojan-activity;sid:84549199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686101)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"info-paiement-relais.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686101/; classtype:trojan-activity;sid:84549201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686102)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"lockersrelais2025.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686102/; classtype:trojan-activity;sid:84549202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686103)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"csomagklds-2025.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686103/; classtype:trojan-activity;sid:84549203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686105)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"instructions-de-colis.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686105/; classtype:trojan-activity;sid:84549205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686106)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"netflx-assinatura-colecaos.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686106/; classtype:trojan-activity;sid:84549206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686087)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"instructions-de-colis.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686087/; classtype:trojan-activity;sid:84549187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686088)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"logistik-dienstleistungen-portal.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686088/; classtype:trojan-activity;sid:84549188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686090)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"logistik-dienstleistungen-portal.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686090/; classtype:trojan-activity;sid:84549190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686091)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"aktualizacjakonta.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686091/; classtype:trojan-activity;sid:84549191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686092)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"netflx-assinatura-colecaos.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686092/; classtype:trojan-activity;sid:84549192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686093)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"csomagklds-2025.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686093/; classtype:trojan-activity;sid:84549193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686094)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"dgt-2025.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686094/; classtype:trojan-activity;sid:84549194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686095)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"livraison-en-attente.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686095/; classtype:trojan-activity;sid:84549195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686086)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"info-paiement-relais.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686086/; classtype:trojan-activity;sid:84549186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686082)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mondialrelay-fr-formulaire.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686082/; classtype:trojan-activity;sid:84549182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686083)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"colis-mondial.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686083/; classtype:trojan-activity;sid:84549183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686084)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"connexion-support.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686084/; classtype:trojan-activity;sid:84549184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686085)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"aktualizacjakonta.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686085/; classtype:trojan-activity;sid:84549185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686073)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"colis-suspendu-2025.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686073/; classtype:trojan-activity;sid:84549173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686074)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"relais-livraison-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686074/; classtype:trojan-activity;sid:84549174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686075)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mondialrelay-fr-formulaire.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686075/; classtype:trojan-activity;sid:84549175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686076)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"paketzustellungen.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686076/; classtype:trojan-activity;sid:84549176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686077)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"relaislockers2025.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686077/; classtype:trojan-activity;sid:84549177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686078)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"entrepots-colis-2025.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686078/; classtype:trojan-activity;sid:84549178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686079)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"depot-marchandise.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686079/; classtype:trojan-activity;sid:84549179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686081)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"depot-marchandise.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686081/; classtype:trojan-activity;sid:84549181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686069)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"avisderecherche-valbarelle.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686069/; classtype:trojan-activity;sid:84549169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686070)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"paketzustellungen.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686070/; classtype:trojan-activity;sid:84549170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686071)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"paketzustellungen.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686071/; classtype:trojan-activity;sid:84549171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686072)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mondialrelay-trajet.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686072/; classtype:trojan-activity;sid:84549172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686064)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"netflx-assinatura-colecaos.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686064/; classtype:trojan-activity;sid:84549164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686065)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"colis-mondial.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686065/; classtype:trojan-activity;sid:84549165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686066)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"verif-mondial.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686066/; classtype:trojan-activity;sid:84549166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686067)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"depot-marchandise.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686067/; classtype:trojan-activity;sid:84549167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686068)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"info-paiement-relais.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686068/; classtype:trojan-activity;sid:84549168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686057)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"locker-portail.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686057/; classtype:trojan-activity;sid:84549157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686058)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"regularize-evitar.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686058/; classtype:trojan-activity;sid:84549158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686059)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"aaaaaaaaaaaaaaaaa.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686059/; classtype:trojan-activity;sid:84549159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686060)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"aktualizacjakonta.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686060/; classtype:trojan-activity;sid:84549160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686061)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"netflx-assinatura-colecao.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686061/; classtype:trojan-activity;sid:84549161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686062)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"netflx-assinatura-colecaos.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686062/; classtype:trojan-activity;sid:84549162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686056)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"regularize-evitar.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686056/; classtype:trojan-activity;sid:84549156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686055)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"regularize-evitar.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686055/; classtype:trojan-activity;sid:84549155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686049)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"connexion-support.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686049/; classtype:trojan-activity;sid:84549149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686050)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"colis-en-attente-2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686050/; classtype:trojan-activity;sid:84549150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686051)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"instruction-colis-2025.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686051/; classtype:trojan-activity;sid:84549151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686052)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"connexion-support.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686052/; classtype:trojan-activity;sid:84549152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686053)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"livraisons-en-attente.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686053/; classtype:trojan-activity;sid:84549153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686054)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"aaaaaaaaaaaaaaaaa.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686054/; classtype:trojan-activity;sid:84549154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686039)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"verif-mondial.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686039/; classtype:trojan-activity;sid:84549139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686040)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"entrepots-colis-2025.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686040/; classtype:trojan-activity;sid:84549140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686041)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"dgt-2025.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686041/; classtype:trojan-activity;sid:84549141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686042)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"relaislockers2025.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686042/; classtype:trojan-activity;sid:84549142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686043)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"avisderecherche-valbarelle.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686043/; classtype:trojan-activity;sid:84549143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686044)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"regularize-evitar.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686044/; classtype:trojan-activity;sid:84549144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686045)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"netflx-assinatura-colecaos.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686045/; classtype:trojan-activity;sid:84549145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686047)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"info-paiement-relais.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686047/; classtype:trojan-activity;sid:84549147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686048)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"aktualizacjakonta.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686048/; classtype:trojan-activity;sid:84549148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686027)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"relaislockers2025.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686027/; classtype:trojan-activity;sid:84549127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686028)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mondial-infomyrelais.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686028/; classtype:trojan-activity;sid:84549128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686029)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mondial-infomyrelais.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686029/; classtype:trojan-activity;sid:84549129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686030)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"dgt-2025.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686030/; classtype:trojan-activity;sid:84549130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686031)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"formulaire-mondialrelay-fr.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686031/; classtype:trojan-activity;sid:84549131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686032)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"votre-livraison-colis.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686032/; classtype:trojan-activity;sid:84549132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686033)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"votre-livraison-colis.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686033/; classtype:trojan-activity;sid:84549133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686034)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"depot-marchandise.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686034/; classtype:trojan-activity;sid:84549134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686035)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"instruction-colis-2025.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686035/; classtype:trojan-activity;sid:84549135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686036)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"instructions-de-colis.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686036/; classtype:trojan-activity;sid:84549136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686037)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"jereservelocker.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686037/; classtype:trojan-activity;sid:84549137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686024)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"lockersrelais2025.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686024/; classtype:trojan-activity;sid:84549124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686025)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"avisderecherche-valbarelle.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686025/; classtype:trojan-activity;sid:84549125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686026)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"netflx-assinatura-colecaos.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686026/; classtype:trojan-activity;sid:84549126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686023)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"instructions-de-colis.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686023/; classtype:trojan-activity;sid:84549123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686022)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mondialrelay-formulaire.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686022/; classtype:trojan-activity;sid:84549122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686021)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"jereservelocker.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686021/; classtype:trojan-activity;sid:84549121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686018)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"paketzustellungen.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686018/; classtype:trojan-activity;sid:84549118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686019)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"mondial-infomyrelais.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686019/; classtype:trojan-activity;sid:84549119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686006)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mondialrelay-trajet.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686006/; classtype:trojan-activity;sid:84549106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686007)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"dgt-2025.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686007/; classtype:trojan-activity;sid:84549107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686008)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"jereservelocker.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686008/; classtype:trojan-activity;sid:84549108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686009)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"livraisons-en-attente.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686009/; classtype:trojan-activity;sid:84549109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686010)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mondial-infomyrelais.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686010/; classtype:trojan-activity;sid:84549110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686011)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mondialrelay-formulaire.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686011/; classtype:trojan-activity;sid:84549111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686012)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"relais-livraison-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686012/; classtype:trojan-activity;sid:84549112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686013)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"relais-logistique-colis.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686013/; classtype:trojan-activity;sid:84549113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686014)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"relais-logistique-colis.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686014/; classtype:trojan-activity;sid:84549114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686015)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"suivimoncolis-mondialrelais.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686015/; classtype:trojan-activity;sid:84549115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686016)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"paketzustellungen.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686016/; classtype:trojan-activity;sid:84549116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685997)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"colis-en-attente-2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685997/; classtype:trojan-activity;sid:84549097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685998)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"netflx-assinatura-colecao.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685998/; classtype:trojan-activity;sid:84549098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685999)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mondial-infomyrelais.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685999/; classtype:trojan-activity;sid:84549099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686000)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"logistik-dienstleistungen-portal.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686000/; classtype:trojan-activity;sid:84549100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686001)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"aaaaaaaaaaaaaaaaa.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686001/; classtype:trojan-activity;sid:84549101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686002)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"locker-portail.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686002/; classtype:trojan-activity;sid:84549102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686003)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"colis-suspendu-2025.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686003/; classtype:trojan-activity;sid:84549103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686004)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"netflx-assinatura-colecaos.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686004/; classtype:trojan-activity;sid:84549104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3686005)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"entrepots-colis-2025.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3686005/; classtype:trojan-activity;sid:84549105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685995)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"csomagklds-2025.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685995/; classtype:trojan-activity;sid:84549095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685996)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"jesuisbon-le.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685996/; classtype:trojan-activity;sid:84549096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685992)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"csomagklds-2025.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685992/; classtype:trojan-activity;sid:84549092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685994)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"info-paiement-relais.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685994/; classtype:trojan-activity;sid:84549094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685991)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"lockersrelais2025.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685991/; classtype:trojan-activity;sid:84549091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685990)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"locker-portail.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685990/; classtype:trojan-activity;sid:84549090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685985)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"connexion-support.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685985/; classtype:trojan-activity;sid:84549085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685986)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mondialrelay-fr-formulaire.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685986/; classtype:trojan-activity;sid:84549086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685987)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"lockersrelais2025.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685987/; classtype:trojan-activity;sid:84549087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685988)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"instructions-de-colis.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685988/; classtype:trojan-activity;sid:84549088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685969)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"instruction-colis-2025.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685969/; classtype:trojan-activity;sid:84549069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685970)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"jesuisbon-le.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685970/; classtype:trojan-activity;sid:84549070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685971)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mondialrelay-formulaire.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685971/; classtype:trojan-activity;sid:84549071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685972)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"connexion-support.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685972/; classtype:trojan-activity;sid:84549072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685973)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"dgt-2025.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685973/; classtype:trojan-activity;sid:84549073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685975)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"envoi-frais-info.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685975/; classtype:trojan-activity;sid:84549075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685977)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mondialrelay-fr-formulaire.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685977/; classtype:trojan-activity;sid:84549077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685978)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"formulaire-mondialrelay-fr.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685978/; classtype:trojan-activity;sid:84549078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685979)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"instructions-de-colis.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685979/; classtype:trojan-activity;sid:84549079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685980)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"relais-logistique-colis.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685980/; classtype:trojan-activity;sid:84549080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685981)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mondialrelay-fr-formulaire.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685981/; classtype:trojan-activity;sid:84549081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685964)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"relaislockers2025.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685964/; classtype:trojan-activity;sid:84549064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685965)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"envoi-frais-info.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685965/; classtype:trojan-activity;sid:84549065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685967)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mondialrelay-formulaire.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685967/; classtype:trojan-activity;sid:84549067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685968)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mondial-infomyrelais.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685968/; classtype:trojan-activity;sid:84549068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685963)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"colis-en-attente-2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685963/; classtype:trojan-activity;sid:84549063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685961)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"avisderecherche-valbarelle.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685961/; classtype:trojan-activity;sid:84549061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685962)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"colis-suspendu-2025.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685962/; classtype:trojan-activity;sid:84549062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685955)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"votre-livraison-colis.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685955/; classtype:trojan-activity;sid:84549055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685956)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"livraison-en-attente.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685956/; classtype:trojan-activity;sid:84549056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685957)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"livraison-en-attente.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685957/; classtype:trojan-activity;sid:84549057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685958)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"csomagklds-2025.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685958/; classtype:trojan-activity;sid:84549058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685959)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"votre-livraison-colis.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685959/; classtype:trojan-activity;sid:84549059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685952)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"suivimoncolis-mondialrelais.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685952/; classtype:trojan-activity;sid:84549052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685953)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"livraison-en-attente.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685953/; classtype:trojan-activity;sid:84549053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685954)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"netflx-assinatura-colecao.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685954/; classtype:trojan-activity;sid:84549054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685948)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"instruction-colis-2025.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685948/; classtype:trojan-activity;sid:84549048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685949)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mondialrelay-trajet.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685949/; classtype:trojan-activity;sid:84549049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685950)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"locker-portail.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685950/; classtype:trojan-activity;sid:84549050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685951)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"entrepots-colis-2025.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685951/; classtype:trojan-activity;sid:84549051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685938)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"suivimoncolis-mondialrelais.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685938/; classtype:trojan-activity;sid:84549038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685939)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"info-paiement-relais.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685939/; classtype:trojan-activity;sid:84549039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685940)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"formulaire-mondialrelay-fr.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685940/; classtype:trojan-activity;sid:84549040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685941)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"verif-mondial.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685941/; classtype:trojan-activity;sid:84549041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685942)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"livraisons-en-attente.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685942/; classtype:trojan-activity;sid:84549042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685943)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"regularize-evitar.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685943/; classtype:trojan-activity;sid:84549043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685944)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"dgt-2025.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685944/; classtype:trojan-activity;sid:84549044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685945)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"relais-livraison-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685945/; classtype:trojan-activity;sid:84549045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685946)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"relais-logistique-colis.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685946/; classtype:trojan-activity;sid:84549046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685947)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"logistik-dienstleistungen-portal.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685947/; classtype:trojan-activity;sid:84549047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685933)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"paketzustellungen.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685933/; classtype:trojan-activity;sid:84549033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685934)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"regularize-evitar.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685934/; classtype:trojan-activity;sid:84549034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685935)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"netflx-assinatura-colecaos.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685935/; classtype:trojan-activity;sid:84549035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685936)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"formulaire-mondialrelay-fr.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685936/; classtype:trojan-activity;sid:84549036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685937)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"suivimoncolis-mondialrelais.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685937/; classtype:trojan-activity;sid:84549037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685925)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"paketzustellungen.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685925/; classtype:trojan-activity;sid:84549025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685926)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"aktualizacjakonta.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685926/; classtype:trojan-activity;sid:84549026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685927)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"livraisons-en-attente.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685927/; classtype:trojan-activity;sid:84549027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685928)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"aaaaaaaaaaaaaaaaa.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685928/; classtype:trojan-activity;sid:84549028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685929)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mondialrelay-formulaire.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685929/; classtype:trojan-activity;sid:84549029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685930)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"lockersrelais2025.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685930/; classtype:trojan-activity;sid:84549030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685931)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"colis-mondial.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685931/; classtype:trojan-activity;sid:84549031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685932)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"connexion-support.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685932/; classtype:trojan-activity;sid:84549032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685917)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mondialrelay-trajet.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685917/; classtype:trojan-activity;sid:84549017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685918)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"colis-suspendu-2025.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685918/; classtype:trojan-activity;sid:84549018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685919)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"jesuisbon-le.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685919/; classtype:trojan-activity;sid:84549019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685920)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"colis-suspendu-2025.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685920/; classtype:trojan-activity;sid:84549020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685921)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"colis-suspendu-2025.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685921/; classtype:trojan-activity;sid:84549021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685922)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"instructions-de-colis.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685922/; classtype:trojan-activity;sid:84549022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685924)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"colis-mondial.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685924/; classtype:trojan-activity;sid:84549024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685910)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"netflx-assinatura-colecao.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685910/; classtype:trojan-activity;sid:84549010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685911)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"connexion-support.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685911/; classtype:trojan-activity;sid:84549011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685912)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"relaislockers2025.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685912/; classtype:trojan-activity;sid:84549012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685914)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"mondialrelay-trajet.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685914/; classtype:trojan-activity;sid:84549014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685915)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"envoi-frais-info.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685915/; classtype:trojan-activity;sid:84549015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685916)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"jesuisbon-le.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685916/; classtype:trojan-activity;sid:84549016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685907)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"colis-en-attente-2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685907/; classtype:trojan-activity;sid:84549007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685908)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mondialrelay-formulaire.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685908/; classtype:trojan-activity;sid:84549008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685909)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"livraison-en-attente.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685909/; classtype:trojan-activity;sid:84549009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685901)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"aaaaaaaaaaaaaaaaa.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685901/; classtype:trojan-activity;sid:84549001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685902)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"info-paiement-relais.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685902/; classtype:trojan-activity;sid:84549002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685905)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"lockersrelais2025.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685905/; classtype:trojan-activity;sid:84549005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685906)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"relais-logistique-colis.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685906/; classtype:trojan-activity;sid:84549006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685893)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mondialrelay-fr-formulaire.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685893/; classtype:trojan-activity;sid:84548993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685894)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"netflx-assinatura-colecao.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685894/; classtype:trojan-activity;sid:84548994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685895)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"jesuisbon-le.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685895/; classtype:trojan-activity;sid:84548995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685896)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"avisderecherche-valbarelle.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685896/; classtype:trojan-activity;sid:84548996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685897)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"info-paiement-relais.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685897/; classtype:trojan-activity;sid:84548997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685898)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"relais-logistique-colis.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685898/; classtype:trojan-activity;sid:84548998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685899)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"suivimoncolis-mondialrelais.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685899/; classtype:trojan-activity;sid:84548999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685900)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"netflx-assinatura-colecao.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685900/; classtype:trojan-activity;sid:84549000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685887)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"jesuisbon-le.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685887/; classtype:trojan-activity;sid:84548987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685888)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"aktualizacjakonta.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685888/; classtype:trojan-activity;sid:84548988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685889)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"dgt-2025.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685889/; classtype:trojan-activity;sid:84548989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685890)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"suivimoncolis-mondialrelais.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685890/; classtype:trojan-activity;sid:84548990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685891)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"info-paiement-relais.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685891/; classtype:trojan-activity;sid:84548991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685892)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"formulaire-mondialrelay-fr.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685892/; classtype:trojan-activity;sid:84548992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685886)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"livraison-en-attente.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685886/; classtype:trojan-activity;sid:84548986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685879)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"instruction-colis-2025.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685879/; classtype:trojan-activity;sid:84548979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685881)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"locker-portail.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685881/; classtype:trojan-activity;sid:84548981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685882)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"aktualizacjakonta.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685882/; classtype:trojan-activity;sid:84548982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685884)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"dgt-2025.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685884/; classtype:trojan-activity;sid:84548984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685885)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685885/; classtype:trojan-activity;sid:84548985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685877)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"csomagklds-2025.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685877/; classtype:trojan-activity;sid:84548977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685878)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"votre-livraison-colis.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685878/; classtype:trojan-activity;sid:84548978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685867)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"logistik-dienstleistungen-portal.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685867/; classtype:trojan-activity;sid:84548967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685868)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"regularize-evitar.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685868/; classtype:trojan-activity;sid:84548968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685869)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"aaaaaaaaaaaaaaaaa.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685869/; classtype:trojan-activity;sid:84548969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685870)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"colis-suspendu-2025.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685870/; classtype:trojan-activity;sid:84548970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685871)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"depot-marchandise.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685871/; classtype:trojan-activity;sid:84548971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685872)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"paketzustellungen.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685872/; classtype:trojan-activity;sid:84548972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685873)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mondialrelay-fr-formulaire.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685873/; classtype:trojan-activity;sid:84548973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685874)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"relaislockers2025.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685874/; classtype:trojan-activity;sid:84548974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685875)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"entrepots-colis-2025.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685875/; classtype:trojan-activity;sid:84548975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685876)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"votre-livraison-colis.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685876/; classtype:trojan-activity;sid:84548976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685863)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"depot-marchandise.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685863/; classtype:trojan-activity;sid:84548963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685864)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"depot-marchandise.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685864/; classtype:trojan-activity;sid:84548964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685865)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"votre-livraison-colis.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685865/; classtype:trojan-activity;sid:84548965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685866)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"jesuisbon-le.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685866/; classtype:trojan-activity;sid:84548966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685861)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"avisderecherche-valbarelle.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685861/; classtype:trojan-activity;sid:84548961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685862)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"relais-livraison-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685862/; classtype:trojan-activity;sid:84548962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685852)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mondialrelay-formulaire.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685852/; classtype:trojan-activity;sid:84548952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685853)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"aaaaaaaaaaaaaaaaa.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685853/; classtype:trojan-activity;sid:84548953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685854)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"aaaaaaaaaaaaaaaaa.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685854/; classtype:trojan-activity;sid:84548954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685855)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"jereservelocker.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685855/; classtype:trojan-activity;sid:84548955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685857)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"avisderecherche-valbarelle.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685857/; classtype:trojan-activity;sid:84548957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685858)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"netflx-assinatura-colecao.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685858/; classtype:trojan-activity;sid:84548958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685859)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"relais-logistique-colis.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685859/; classtype:trojan-activity;sid:84548959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685860)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"jesuisbon-le.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685860/; classtype:trojan-activity;sid:84548960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685847)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"dgt-2025.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685847/; classtype:trojan-activity;sid:84548947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685848)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"relais-livraison-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685848/; classtype:trojan-activity;sid:84548948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685849)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"formulaire-mondialrelay-fr.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685849/; classtype:trojan-activity;sid:84548949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685850)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"regularize-evitar.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685850/; classtype:trojan-activity;sid:84548950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685851)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mondial-infomyrelais.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685851/; classtype:trojan-activity;sid:84548951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685837)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"entrepots-colis-2025.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685837/; classtype:trojan-activity;sid:84548937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685838)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"csomagklds-2025.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685838/; classtype:trojan-activity;sid:84548938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685839)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"colis-mondial.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685839/; classtype:trojan-activity;sid:84548939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685840)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"213.209.143.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685840/; classtype:trojan-activity;sid:84548940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685841)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"suivimoncolis-mondialrelais.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685841/; classtype:trojan-activity;sid:84548941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685842)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"livraison-en-attente.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685842/; classtype:trojan-activity;sid:84548942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685843)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"lockersrelais2025.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685843/; classtype:trojan-activity;sid:84548943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685844)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"colis-suspendu-2025.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685844/; classtype:trojan-activity;sid:84548944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685845)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"locker-portail.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685845/; classtype:trojan-activity;sid:84548945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685830)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"entrepots-colis-2025.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685830/; classtype:trojan-activity;sid:84548930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685831)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"locker-portail.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685831/; classtype:trojan-activity;sid:84548931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685832)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"jereservelocker.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685832/; classtype:trojan-activity;sid:84548932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685833)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"relaislockers2025.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685833/; classtype:trojan-activity;sid:84548933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685834)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"instructions-de-colis.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685834/; classtype:trojan-activity;sid:84548934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685835)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"colis-mondial.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685835/; classtype:trojan-activity;sid:84548935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685836)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"formulaire-mondialrelay-fr.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685836/; classtype:trojan-activity;sid:84548936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685827)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"netflx-assinatura-colecaos.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685827/; classtype:trojan-activity;sid:84548927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685828)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"entrepots-colis-2025.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685828/; classtype:trojan-activity;sid:84548928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685829)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"locker-portail.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685829/; classtype:trojan-activity;sid:84548929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685825)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mondialrelay-trajet.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685825/; classtype:trojan-activity;sid:84548925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685826)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"netflx-assinatura-colecao.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685826/; classtype:trojan-activity;sid:84548926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685813)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"paketzustellungen.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685813/; classtype:trojan-activity;sid:84548913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685815)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"depot-marchandise.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685815/; classtype:trojan-activity;sid:84548915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685816)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"formulaire-mondialrelay-fr.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685816/; classtype:trojan-activity;sid:84548916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685817)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"jereservelocker.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685817/; classtype:trojan-activity;sid:84548917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685818)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"instructions-de-colis.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685818/; classtype:trojan-activity;sid:84548918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685819)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"aktualizacjakonta.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685819/; classtype:trojan-activity;sid:84548919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685820)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mondialrelay-fr-formulaire.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685820/; classtype:trojan-activity;sid:84548920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685821)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"instructions-de-colis.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685821/; classtype:trojan-activity;sid:84548921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685822)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"aaaaaaaaaaaaaaaaa.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685822/; classtype:trojan-activity;sid:84548922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685805)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"aktualizacjakonta.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685805/; classtype:trojan-activity;sid:84548905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685806)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"colis-en-attente-2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685806/; classtype:trojan-activity;sid:84548906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685807)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"netflx-assinatura-colecao.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685807/; classtype:trojan-activity;sid:84548907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685808)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mondialrelay-fr-formulaire.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685808/; classtype:trojan-activity;sid:84548908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685809)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mondialrelay-trajet.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685809/; classtype:trojan-activity;sid:84548909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685810)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"livraisons-en-attente.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685810/; classtype:trojan-activity;sid:84548910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685811)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"mondialrelay-fr-formulaire.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685811/; classtype:trojan-activity;sid:84548911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685812)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"locker-portail.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685812/; classtype:trojan-activity;sid:84548912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685798)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mondialrelay-trajet.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685798/; classtype:trojan-activity;sid:84548898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685799)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"formulaire-mondialrelay-fr.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685799/; classtype:trojan-activity;sid:84548899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685800)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"instructions-de-colis.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685800/; classtype:trojan-activity;sid:84548900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685801)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mondialrelay-formulaire.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685801/; classtype:trojan-activity;sid:84548901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685797)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"formulaire-mondialrelay-fr.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685797/; classtype:trojan-activity;sid:84548897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685792)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mondialrelay-formulaire.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685792/; classtype:trojan-activity;sid:84548892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685793)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"verif-mondial.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685793/; classtype:trojan-activity;sid:84548893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685794)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"suivimoncolis-mondialrelais.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685794/; classtype:trojan-activity;sid:84548894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685795)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"relais-livraison-colis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685795/; classtype:trojan-activity;sid:84548895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685796)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"csomagklds-2025.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685796/; classtype:trojan-activity;sid:84548896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685786)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"colis-mondial.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685786/; classtype:trojan-activity;sid:84548886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685787)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"livraison-en-attente.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685787/; classtype:trojan-activity;sid:84548887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685788)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"aaaaaaaaaaaaaaaaa.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685788/; classtype:trojan-activity;sid:84548888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685789)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"verif-mondial.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685789/; classtype:trojan-activity;sid:84548889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685790)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"csomagklds-2025.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685790/; classtype:trojan-activity;sid:84548890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685791)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"colis-mondial.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685791/; classtype:trojan-activity;sid:84548891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685779)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"netflx-assinatura-colecao.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685779/; classtype:trojan-activity;sid:84548879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685780)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"instruction-colis-2025.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685780/; classtype:trojan-activity;sid:84548880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685781)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"csomagklds-2025.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685781/; classtype:trojan-activity;sid:84548881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685782)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mondialrelay-trajet.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685782/; classtype:trojan-activity;sid:84548882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685783)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"aktualizacjakonta.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685783/; classtype:trojan-activity;sid:84548883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685784)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"jereservelocker.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685784/; classtype:trojan-activity;sid:84548884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685785)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"locker-portail.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685785/; classtype:trojan-activity;sid:84548885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685776)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"locker-portail.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685776/; classtype:trojan-activity;sid:84548876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685777)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"regularize-evitar.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685777/; classtype:trojan-activity;sid:84548877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685778)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"envoi-frais-info.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685778/; classtype:trojan-activity;sid:84548878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685767)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"locker-portail.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685767/; classtype:trojan-activity;sid:84548867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685768)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"instruction-colis-2025.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685768/; classtype:trojan-activity;sid:84548868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685770)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"votre-livraison-colis.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685770/; classtype:trojan-activity;sid:84548870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685771)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"livraison-en-attente.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685771/; classtype:trojan-activity;sid:84548871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685772)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"livraison-en-attente.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685772/; classtype:trojan-activity;sid:84548872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685773)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"votre-livraison-colis.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685773/; classtype:trojan-activity;sid:84548873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685774)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"info-paiement-relais.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685774/; classtype:trojan-activity;sid:84548874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685775)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"colis-en-attente-2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685775/; classtype:trojan-activity;sid:84548875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685757)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"logistik-dienstleistungen-portal.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685757/; classtype:trojan-activity;sid:84548857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685759)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"netflx-assinatura-colecao.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685759/; classtype:trojan-activity;sid:84548859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685760)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"envoi-frais-info.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685760/; classtype:trojan-activity;sid:84548860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685761)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"info-paiement-relais.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685761/; classtype:trojan-activity;sid:84548861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685762)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"colis-suspendu-2025.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685762/; classtype:trojan-activity;sid:84548862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685763)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"instruction-colis-2025.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685763/; classtype:trojan-activity;sid:84548863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685765)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"connexion-support.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685765/; classtype:trojan-activity;sid:84548865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685766)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"livraison-en-attente.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685766/; classtype:trojan-activity;sid:84548866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685753)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"envoi-frais-info.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685753/; classtype:trojan-activity;sid:84548853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685754)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"formulaire-mondialrelay-fr.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685754/; classtype:trojan-activity;sid:84548854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685755)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mondialrelay-fr-formulaire.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685755/; classtype:trojan-activity;sid:84548855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685756)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"paketzustellungen.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685756/; classtype:trojan-activity;sid:84548856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685751)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"envoi-frais-info.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685751/; classtype:trojan-activity;sid:84548851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685752)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mondialrelay-trajet.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685752/; classtype:trojan-activity;sid:84548852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685749)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"livraisons-en-attente.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685749/; classtype:trojan-activity;sid:84548849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685731)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"instruction-colis-2025.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685731/; classtype:trojan-activity;sid:84548831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685732)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mondialrelay-formulaire.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685732/; classtype:trojan-activity;sid:84548832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685733)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"votre-livraison-colis.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685733/; classtype:trojan-activity;sid:84548833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685735)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"colis-en-attente-2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685735/; classtype:trojan-activity;sid:84548835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685736)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"netflx-assinatura-colecaos.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685736/; classtype:trojan-activity;sid:84548836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685737)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"logistik-dienstleistungen-portal.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685737/; classtype:trojan-activity;sid:84548837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685738)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"avisderecherche-valbarelle.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685738/; classtype:trojan-activity;sid:84548838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685739)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"connexion-support.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685739/; classtype:trojan-activity;sid:84548839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685743)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"verif-mondial.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685743/; classtype:trojan-activity;sid:84548843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685744)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"verif-mondial.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685744/; classtype:trojan-activity;sid:84548844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685746)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"colis-mondial.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685746/; classtype:trojan-activity;sid:84548846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685747)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"instruction-colis-2025.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685747/; classtype:trojan-activity;sid:84548847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685748)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"verif-mondial.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685748/; classtype:trojan-activity;sid:84548848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685721)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"colis-suspendu-2025.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685721/; classtype:trojan-activity;sid:84548821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685722)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"instruction-colis-2025.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685722/; classtype:trojan-activity;sid:84548822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685723)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"logistik-dienstleistungen-portal.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685723/; classtype:trojan-activity;sid:84548823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685724)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"locker-portail.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685724/; classtype:trojan-activity;sid:84548824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685725)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"aaaaaaaaaaaaaaaaa.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685725/; classtype:trojan-activity;sid:84548825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685726)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mondial-infomyrelais.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685726/; classtype:trojan-activity;sid:84548826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685727)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mondialrelay-fr-formulaire.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685727/; classtype:trojan-activity;sid:84548827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685728)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"avisderecherche-valbarelle.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685728/; classtype:trojan-activity;sid:84548828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685729)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"livraison-en-attente.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685729/; classtype:trojan-activity;sid:84548829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685730)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"formulaire-mondialrelay-fr.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685730/; classtype:trojan-activity;sid:84548830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685716)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"lockersrelais2025.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685716/; classtype:trojan-activity;sid:84548816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685717)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"entrepots-colis-2025.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685717/; classtype:trojan-activity;sid:84548817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685718)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"colis-en-attente-2025.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685718/; classtype:trojan-activity;sid:84548818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685719)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"lockersrelais2025.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685719/; classtype:trojan-activity;sid:84548819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685720)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"jesuisbon-le.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685720/; classtype:trojan-activity;sid:84548820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685713)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"netflx-assinatura-colecao.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685713/; classtype:trojan-activity;sid:84548813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685714)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"regularize-evitar.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685714/; classtype:trojan-activity;sid:84548814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685715)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"livraisons-en-attente.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685715/; classtype:trojan-activity;sid:84548815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685655)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.173.75.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685655/; classtype:trojan-activity;sid:84548755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685653)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.146.224.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685653/; classtype:trojan-activity;sid:84548753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685654)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.19.233.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685654/; classtype:trojan-activity;sid:84548754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685645)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"113.178.226.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685645/; classtype:trojan-activity;sid:84548745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685644)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.143.225.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685644/; classtype:trojan-activity;sid:84548744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685495)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.225.231.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685495/; classtype:trojan-activity;sid:84548595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685381)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.124.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685381/; classtype:trojan-activity;sid:84548481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685360)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pagomulta2025.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685360/; classtype:trojan-activity;sid:84548460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685347)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"formulaire-mondialrelay-pro.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685347/; classtype:trojan-activity;sid:84548447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685348)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pagomulta2025.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685348/; classtype:trojan-activity;sid:84548448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685340)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"formulaire-mondialrelay-pro.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685340/; classtype:trojan-activity;sid:84548440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685341)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"pagomulta2025.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685341/; classtype:trojan-activity;sid:84548441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685337)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pagomulta2025.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685337/; classtype:trojan-activity;sid:84548437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685338)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pagomulta2025.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685338/; classtype:trojan-activity;sid:84548438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685334)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"formulaire-mondialrelay-pro.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685334/; classtype:trojan-activity;sid:84548434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685332)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.132.225.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685332/; classtype:trojan-activity;sid:84548432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685327)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"formulaire-mondialrelay-pro.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685327/; classtype:trojan-activity;sid:84548427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685320)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pagomulta2025.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685320/; classtype:trojan-activity;sid:84548420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685321)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pagomulta2025.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685321/; classtype:trojan-activity;sid:84548421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685322)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"formulaire-mondialrelay-pro.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685322/; classtype:trojan-activity;sid:84548422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685323)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pagomulta2025.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685323/; classtype:trojan-activity;sid:84548423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685325)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pagomulta2025.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685325/; classtype:trojan-activity;sid:84548425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685326)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pagomulta2025.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685326/; classtype:trojan-activity;sid:84548426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685312)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"formulaire-mondialrelay-pro.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685312/; classtype:trojan-activity;sid:84548412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685313)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pagomulta2025.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685313/; classtype:trojan-activity;sid:84548413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685314)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pagomulta2025.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685314/; classtype:trojan-activity;sid:84548414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685315)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pagomulta2025.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685315/; classtype:trojan-activity;sid:84548415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685316)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"formulaire-mondialrelay-pro.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685316/; classtype:trojan-activity;sid:84548416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685317)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"formulaire-mondialrelay-pro.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685317/; classtype:trojan-activity;sid:84548417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685303)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"formulaire-mondialrelay-pro.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685303/; classtype:trojan-activity;sid:84548403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685304)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"formulaire-mondialrelay-pro.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685304/; classtype:trojan-activity;sid:84548404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685308)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"formulaire-mondialrelay-pro.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685308/; classtype:trojan-activity;sid:84548408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685310)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"formulaire-mondialrelay-pro.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685310/; classtype:trojan-activity;sid:84548410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685311)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"formulaire-mondialrelay-pro.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685311/; classtype:trojan-activity;sid:84548411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685147)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.124.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685147/; classtype:trojan-activity;sid:84548247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685139)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.34.61.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685139/; classtype:trojan-activity;sid:84548239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685135)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.34.61.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685135/; classtype:trojan-activity;sid:84548235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685116)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.94.167.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685116/; classtype:trojan-activity;sid:84548216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684907)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.90.122.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684907/; classtype:trojan-activity;sid:84548007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684900)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"173.17.42.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684900/; classtype:trojan-activity;sid:84548000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684903)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.111.3.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684903/; classtype:trojan-activity;sid:84548003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684843)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.249.70.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684843/; classtype:trojan-activity;sid:84547943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684806)"; flow:established,from_client; content:"GET"; http_method; content:"/zoom/windows/download.php"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"khoancatbetong89.vn"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684806/; classtype:trojan-activity;sid:84547906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684798)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"213.209.143.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684798/; classtype:trojan-activity;sid:84547898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684799)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684799/; classtype:trojan-activity;sid:84547899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684800)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"213.209.143.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684800/; classtype:trojan-activity;sid:84547900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684801)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"213.209.143.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684801/; classtype:trojan-activity;sid:84547901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684795)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"213.209.143.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684795/; classtype:trojan-activity;sid:84547895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684787)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684787/; classtype:trojan-activity;sid:84547887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684789)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"213.209.143.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684789/; classtype:trojan-activity;sid:84547889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684790)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684790/; classtype:trojan-activity;sid:84547890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684791)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"213.209.143.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684791/; classtype:trojan-activity;sid:84547891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684793)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684793/; classtype:trojan-activity;sid:84547893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684794)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"213.209.143.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684794/; classtype:trojan-activity;sid:84547894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684782)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"158.255.83.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684782/; classtype:trojan-activity;sid:84547882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684751)"; flow:established,from_client; content:"GET"; http_method; content:"/90/cvd3dd0ok0s0/sdo09ewsdf023jfkjsdxc0vxc90sd9f3f9df90cxv9x0vsfjsdkfj090xc00sfsd399sdf00xcv0xv0e90w.doc"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"23.95.117.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684751/; classtype:trojan-activity;sid:84547851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684749)"; flow:established,from_client; content:"GET"; http_method; content:"/90/cvd3dd0ok0s0/sdo09ewsdf023jfkjsdxc0vxc90sd9f3f9df90cxv9x0vsfjsdkfj090xc00sfsd399sdf00xcv0xv0e90w.doc"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"23.95.117.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684749/; classtype:trojan-activity;sid:84547849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684691)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.8.224.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684691/; classtype:trojan-activity;sid:84547791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684683)"; flow:established,from_client; content:"GET"; http_method; content:"/pitchometer.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"bnhar.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684683/; classtype:trojan-activity;sid:84547783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684682)"; flow:established,from_client; content:"GET"; http_method; content:"/pit.txt"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bnhar.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684682/; classtype:trojan-activity;sid:84547782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684656)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.8.224.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684656/; classtype:trojan-activity;sid:84547756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684652)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251022232849.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"pocopa.co.za"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684652/; classtype:trojan-activity;sid:84547752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684488)"; flow:established,from_client; content:"GET"; http_method; content:"/31agosto.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"remcosf2025.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684488/; classtype:trojan-activity;sid:84547588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684483)"; flow:established,from_client; content:"GET"; http_method; content:"/31agosto.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.remdefrem.duckdns.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684483/; classtype:trojan-activity;sid:84547583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684468)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.arm5"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684468/; classtype:trojan-activity;sid:84547568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684465)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.mpsl"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684465/; classtype:trojan-activity;sid:84547565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684466)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.arm6"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684466/; classtype:trojan-activity;sid:84547566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684467)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.x86_64"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684467/; classtype:trojan-activity;sid:84547567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684462)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/debug"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684462/; classtype:trojan-activity;sid:84547562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684463)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.mips"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684463/; classtype:trojan-activity;sid:84547563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684464)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.sh4"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684464/; classtype:trojan-activity;sid:84547564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684457)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.m68k"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684457/; classtype:trojan-activity;sid:84547557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684458)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.arm"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684458/; classtype:trojan-activity;sid:84547558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684459)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.spc"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684459/; classtype:trojan-activity;sid:84547559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684460)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.arc"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684460/; classtype:trojan-activity;sid:84547560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684461)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.ppc"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684461/; classtype:trojan-activity;sid:84547561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684454)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.i686"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684454/; classtype:trojan-activity;sid:84547554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684455)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.arm7"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684455/; classtype:trojan-activity;sid:84547555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684456)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/labello.x86"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"devilnet.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684456/; classtype:trojan-activity;sid:84547556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684444)"; flow:established,from_client; content:"GET"; http_method; content:"/31agosto.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"7octubredc.duckdns.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684444/; classtype:trojan-activity;sid:84547544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684403)"; flow:established,from_client; content:"GET"; http_method; content:"/31agosto.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"dc14oct.duckdns.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684403/; classtype:trojan-activity;sid:84547503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684401)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"convac123.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684401/; classtype:trojan-activity;sid:84547501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684400)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"convac123.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684400/; classtype:trojan-activity;sid:84547500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684399)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"convac123.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684399/; classtype:trojan-activity;sid:84547499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684398)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"convac123.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684398/; classtype:trojan-activity;sid:84547498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684397)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"convac123.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684397/; classtype:trojan-activity;sid:84547497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684396)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"convac123.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684396/; classtype:trojan-activity;sid:84547496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684395)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"convac123.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684395/; classtype:trojan-activity;sid:84547495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684394)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"convac123.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684394/; classtype:trojan-activity;sid:84547494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684391)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"convac123.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684391/; classtype:trojan-activity;sid:84547491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684392)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"convac123.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684392/; classtype:trojan-activity;sid:84547492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684393)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"convac123.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684393/; classtype:trojan-activity;sid:84547493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684390)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"convac123.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684390/; classtype:trojan-activity;sid:84547490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684387)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/arc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"convac123.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684387/; classtype:trojan-activity;sid:84547487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684388)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"convac123.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684388/; classtype:trojan-activity;sid:84547488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684389)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"convac123.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684389/; classtype:trojan-activity;sid:84547489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684383)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"convac123.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684383/; classtype:trojan-activity;sid:84547483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684384)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"convac123.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684384/; classtype:trojan-activity;sid:84547484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684385)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"convac123.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684385/; classtype:trojan-activity;sid:84547485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684386)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"convac123.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684386/; classtype:trojan-activity;sid:84547486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684378)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"convac123.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684378/; classtype:trojan-activity;sid:84547478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684379)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"convac123.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684379/; classtype:trojan-activity;sid:84547479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684380)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"convac123.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684380/; classtype:trojan-activity;sid:84547480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684381)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/x86-debug"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"convac123.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684381/; classtype:trojan-activity;sid:84547481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684382)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"convac123.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684382/; classtype:trojan-activity;sid:84547482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684377)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"convac123.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684377/; classtype:trojan-activity;sid:84547477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684376)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"convac123.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684376/; classtype:trojan-activity;sid:84547476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684375)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"convac123.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684375/; classtype:trojan-activity;sid:84547475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684374)"; flow:established,from_client; content:"GET"; http_method; content:"/x86-debug"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"convac123.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684374/; classtype:trojan-activity;sid:84547474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684360)"; flow:established,from_client; content:"GET"; http_method; content:"/898xylbd/139assicc.dll"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"192.140.182.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684360/; classtype:trojan-activity;sid:84547460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684356)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/av.lnk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"218.212.2.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684356/; classtype:trojan-activity;sid:84547456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684355)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/photo.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"218.212.2.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684355/; classtype:trojan-activity;sid:84547455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684352)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/photo.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"218.212.2.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684352/; classtype:trojan-activity;sid:84547452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684353)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/upg/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"218.212.2.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684353/; classtype:trojan-activity;sid:84547453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684354)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/upg/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"218.212.2.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684354/; classtype:trojan-activity;sid:84547454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684347)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/upg/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"218.212.2.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684347/; classtype:trojan-activity;sid:84547447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684348)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/av.scr"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"218.212.2.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684348/; classtype:trojan-activity;sid:84547448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684349)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/upg/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"218.212.2.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684349/; classtype:trojan-activity;sid:84547449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684350)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/video.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"218.212.2.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684350/; classtype:trojan-activity;sid:84547450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684351)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/upg/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"218.212.2.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684351/; classtype:trojan-activity;sid:84547451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684345)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/upg/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"218.212.2.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684345/; classtype:trojan-activity;sid:84547445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684346)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/video.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"218.212.2.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684346/; classtype:trojan-activity;sid:84547446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684319)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/photo.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"116.87.55.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684319/; classtype:trojan-activity;sid:84547419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684318)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/av.scr"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"116.87.55.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684318/; classtype:trojan-activity;sid:84547418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684317)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/video.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"116.87.55.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684317/; classtype:trojan-activity;sid:84547417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684316)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/android/av.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"116.87.55.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684316/; classtype:trojan-activity;sid:84547416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684315)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/av.lnk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"116.87.55.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684315/; classtype:trojan-activity;sid:84547415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684313)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/android/video.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"116.87.55.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684313/; classtype:trojan-activity;sid:84547413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684314)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/android/photo.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"116.87.55.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684314/; classtype:trojan-activity;sid:84547414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684310)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/android/photo.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"116.87.55.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684310/; classtype:trojan-activity;sid:84547410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684311)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/android/av.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"116.87.55.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684311/; classtype:trojan-activity;sid:84547411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684312)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/android/video.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"116.87.55.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684312/; classtype:trojan-activity;sid:84547412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684308)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/video.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"116.87.55.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684308/; classtype:trojan-activity;sid:84547408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684309)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/photo.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"116.87.55.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684309/; classtype:trojan-activity;sid:84547409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684274)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"ultrauraniummirai.ddns.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684274/; classtype:trojan-activity;sid:84547374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684275)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"ultrauraniummirai.ddns.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684275/; classtype:trojan-activity;sid:84547375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684263)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.spc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"ultrauraniummirai.ddns.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684263/; classtype:trojan-activity;sid:84547363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684258)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.mpsl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"ultrauraniummirai.ddns.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684258/; classtype:trojan-activity;sid:84547358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684259)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.m68k"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"ultrauraniummirai.ddns.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684259/; classtype:trojan-activity;sid:84547359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684260)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"ultrauraniummirai.ddns.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684260/; classtype:trojan-activity;sid:84547360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684261)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"ultrauraniummirai.ddns.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684261/; classtype:trojan-activity;sid:84547361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684262)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.sh4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"ultrauraniummirai.ddns.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684262/; classtype:trojan-activity;sid:84547362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684255)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/debug"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"ultrauraniummirai.ddns.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684255/; classtype:trojan-activity;sid:84547355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684256)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm5"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"ultrauraniummirai.ddns.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684256/; classtype:trojan-activity;sid:84547356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684253)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.x86_64"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"ultrauraniummirai.ddns.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684253/; classtype:trojan-activity;sid:84547353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684250)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.ppc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"ultrauraniummirai.ddns.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684250/; classtype:trojan-activity;sid:84547350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684251)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.i686"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"ultrauraniummirai.ddns.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684251/; classtype:trojan-activity;sid:84547351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684252)"; flow:established,from_client; content:"GET"; http_method; content:"/00101010101001/morte.arm7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"ultrauraniummirai.ddns.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684252/; classtype:trojan-activity;sid:84547352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684164)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.69.61.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3684164/; classtype:trojan-activity;sid:84547264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684008)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"222.255.214.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3684008/; classtype:trojan-activity;sid:84547108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684000)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"198.55.109.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3684000/; classtype:trojan-activity;sid:84547100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683994)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.195.65.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683994/; classtype:trojan-activity;sid:84547094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683996)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.120.70.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683996/; classtype:trojan-activity;sid:84547096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683997)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"81.70.97.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683997/; classtype:trojan-activity;sid:84547097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683987)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"64.63.137.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683987/; classtype:trojan-activity;sid:84547087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683980)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.128.188.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683980/; classtype:trojan-activity;sid:84547080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683981)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.199.139.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683981/; classtype:trojan-activity;sid:84547081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683983)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.94.86.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683983/; classtype:trojan-activity;sid:84547083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683969)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.155.92.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683969/; classtype:trojan-activity;sid:84547069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683968)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"70.39.20.176"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683968/; classtype:trojan-activity;sid:84547068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683958)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"59.92.235.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683958/; classtype:trojan-activity;sid:84547058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683949)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.143.225.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683949/; classtype:trojan-activity;sid:84547049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683956)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"59.92.235.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683956/; classtype:trojan-activity;sid:84547056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683939)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"161.97.108.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683939/; classtype:trojan-activity;sid:84547039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683907)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7782139129/gl0ygtd.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"178.16.55.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683907/; classtype:trojan-activity;sid:84547007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683856)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.83.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683856/; classtype:trojan-activity;sid:84546956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683787)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.86.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683787/; classtype:trojan-activity;sid:84546887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683723)"; flow:established,from_client; content:"GET"; http_method; content:"/001010101010010110101011101010101101010111010101/debug"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"103.252.89.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683723/; classtype:trojan-activity;sid:84546823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683665)"; flow:established,from_client; content:"GET"; http_method; content:"/cmsjj"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"globaltechbilling.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683665/; classtype:trojan-activity;sid:84546765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683576)"; flow:established,from_client; content:"GET"; http_method; content:"/dropper64.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.46.152.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683576/; classtype:trojan-activity;sid:84546676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683567)"; flow:established,from_client; content:"GET"; http_method; content:"/onastroll-2000f5n/5vcye/releases/download/v1.2/launcher.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683567/; classtype:trojan-activity;sid:84546667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683554)"; flow:established,from_client; content:"GET"; http_method; content:"/sl/x"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.201.0.201"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683554/; classtype:trojan-activity;sid:84546654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683557)"; flow:established,from_client; content:"GET"; http_method; content:"/fire/wormb.txt"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"178.16.54.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683557/; classtype:trojan-activity;sid:84546657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683558)"; flow:established,from_client; content:"GET"; http_method; content:"/sl/y"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.201.0.201"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683558/; classtype:trojan-activity;sid:84546658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683560)"; flow:established,from_client; content:"GET"; http_method; content:"/stealc.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.46.152.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683560/; classtype:trojan-activity;sid:84546660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683561)"; flow:established,from_client; content:"GET"; http_method; content:"/img/ksms/sc9ddc73jjhfjsh8cxs0d9xc23hjhj5j6jhj8bh876hfdf90gd900vb90brt90t0yr09asd03sfd0f0sd.txt"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"23.95.103.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683561/; classtype:trojan-activity;sid:84546661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683551)"; flow:established,from_client; content:"GET"; http_method; content:"/xiobv.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.46.152.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683551/; classtype:trojan-activity;sid:84546651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683457)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.250.184.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683457/; classtype:trojan-activity;sid:84546557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683253)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|h=107.173.101.114|7c|26|7c|p=10000|7c|26|7c|t=tcp|7c|26|7c|a=w64|7c|26|7c|stage=true"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"107.173.101.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683253/; classtype:trojan-activity;sid:84546353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683254)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|h=107.173.101.114|7c|26|7c|p=10000|7c|26|7c|t=tcp|7c|26|7c|a=w32|7c|26|7c|stage=true"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"107.173.101.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683254/; classtype:trojan-activity;sid:84546354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683250)"; flow:established,from_client; content:"GET"; http_method; content:"/swt"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"107.173.101.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683250/; classtype:trojan-activity;sid:84546350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683215)"; flow:established,from_client; content:"GET"; http_method; content:"/1/items.dll"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"43.249.192.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683215/; classtype:trojan-activity;sid:84546315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683212)"; flow:established,from_client; content:"GET"; http_method; content:"/buding/dbghelp.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"103.120.89.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683212/; classtype:trojan-activity;sid:84546312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683090)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"netrip.ddns.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683090/; classtype:trojan-activity;sid:84546190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683070)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"91-92-241-8.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683070/; classtype:trojan-activity;sid:84546170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683052)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"91-92-241-8.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683052/; classtype:trojan-activity;sid:84546152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683053)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"my.com.au.debbiesimril.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683053/; classtype:trojan-activity;sid:84546153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683054)"; flow:established,from_client; content:"GET"; http_method; content:"/adb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"91-92-241-8.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683054/; classtype:trojan-activity;sid:84546154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683055)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"my.com.au.debbiesimril.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683055/; classtype:trojan-activity;sid:84546155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683056)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"my.com.au.debbiesimril.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683056/; classtype:trojan-activity;sid:84546156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683057)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"banking.bankaustria.at.dswcontracting.work"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683057/; classtype:trojan-activity;sid:84546157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683063)"; flow:established,from_client; content:"GET"; http_method; content:"/adb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"banking.bankaustria.at.dswcontracting.work"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683063/; classtype:trojan-activity;sid:84546163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683050)"; flow:established,from_client; content:"GET"; http_method; content:"/byte"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"my.com.au.debbiesimril.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683050/; classtype:trojan-activity;sid:84546150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683049)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.xml"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"91-92-241-8.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683049/; classtype:trojan-activity;sid:84546149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683048)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91-92-241-8.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683048/; classtype:trojan-activity;sid:84546148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683026)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"my.com.au.debbiesimril.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683026/; classtype:trojan-activity;sid:84546126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683029)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"my.com.au.debbiesimril.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683029/; classtype:trojan-activity;sid:84546129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683030)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"my.com.au.debbiesimril.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683030/; classtype:trojan-activity;sid:84546130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683033)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91-92-241-8.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683033/; classtype:trojan-activity;sid:84546133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683034)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"my.com.au.debbiesimril.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683034/; classtype:trojan-activity;sid:84546134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683035)"; flow:established,from_client; content:"GET"; http_method; content:"/vac"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"banking.bankaustria.at.dswcontracting.work"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683035/; classtype:trojan-activity;sid:84546135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683036)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"91-92-241-8.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683036/; classtype:trojan-activity;sid:84546136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683038)"; flow:established,from_client; content:"GET"; http_method; content:"/spring"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91-92-241-8.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683038/; classtype:trojan-activity;sid:84546138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683041)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91-92-241-8.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683041/; classtype:trojan-activity;sid:84546141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683044)"; flow:established,from_client; content:"GET"; http_method; content:"/link"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"my.com.au.debbiesimril.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683044/; classtype:trojan-activity;sid:84546144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683010)"; flow:established,from_client; content:"GET"; http_method; content:"/spring"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"my.com.au.debbiesimril.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683010/; classtype:trojan-activity;sid:84546110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683011)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"91-92-241-8.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683011/; classtype:trojan-activity;sid:84546111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683012)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"my.com.au.debbiesimril.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683012/; classtype:trojan-activity;sid:84546112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683013)"; flow:established,from_client; content:"GET"; http_method; content:"/vac"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"91-92-241-8.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683013/; classtype:trojan-activity;sid:84546113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683014)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"my.com.au.debbiesimril.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683014/; classtype:trojan-activity;sid:84546114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683015)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91-92-241-8.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683015/; classtype:trojan-activity;sid:84546115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683016)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"my.com.au.debbiesimril.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683016/; classtype:trojan-activity;sid:84546116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683017)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"91-92-241-8.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683017/; classtype:trojan-activity;sid:84546117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683018)"; flow:established,from_client; content:"GET"; http_method; content:"/byte"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"banking.bankaustria.at.dswcontracting.work"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683018/; classtype:trojan-activity;sid:84546118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683019)"; flow:established,from_client; content:"GET"; http_method; content:"/tplink"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"my.com.au.debbiesimril.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683019/; classtype:trojan-activity;sid:84546119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683020)"; flow:established,from_client; content:"GET"; http_method; content:"/link"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91-92-241-8.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683020/; classtype:trojan-activity;sid:84546120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683021)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"my.com.au.debbiesimril.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683021/; classtype:trojan-activity;sid:84546121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683022)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"91-92-241-8.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683022/; classtype:trojan-activity;sid:84546122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683023)"; flow:established,from_client; content:"GET"; http_method; content:"/adb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"my.com.au.debbiesimril.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683023/; classtype:trojan-activity;sid:84546123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683024)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"my.com.au.debbiesimril.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683024/; classtype:trojan-activity;sid:84546124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683025)"; flow:established,from_client; content:"GET"; http_method; content:"/tplink"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91-92-241-8.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683025/; classtype:trojan-activity;sid:84546125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683009)"; flow:established,from_client; content:"GET"; http_method; content:"/byte"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91-92-241-8.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683009/; classtype:trojan-activity;sid:84546109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683008)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91-92-241-8.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683008/; classtype:trojan-activity;sid:84546108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683005)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.xml"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"my.com.au.debbiesimril.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683005/; classtype:trojan-activity;sid:84546105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683006)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91-92-241-8.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683006/; classtype:trojan-activity;sid:84546106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683007)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"my.com.au.debbiesimril.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683007/; classtype:trojan-activity;sid:84546107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683004)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91-92-241-8.cprapid.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683004/; classtype:trojan-activity;sid:84546104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683002)"; flow:established,from_client; content:"GET"; http_method; content:"/vac"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"my.com.au.debbiesimril.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683002/; classtype:trojan-activity;sid:84546102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682998)"; flow:established,from_client; content:"GET"; http_method; content:"/spring"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"banking.bankaustria.at.dswcontracting.work"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682998/; classtype:trojan-activity;sid:84546098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682999)"; flow:established,from_client; content:"GET"; http_method; content:"/tplink"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"banking.bankaustria.at.dswcontracting.work"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682999/; classtype:trojan-activity;sid:84546099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683000)"; flow:established,from_client; content:"GET"; http_method; content:"/link"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"banking.bankaustria.at.dswcontracting.work"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683000/; classtype:trojan-activity;sid:84546100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682997)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.xml"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"banking.bankaustria.at.dswcontracting.work"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682997/; classtype:trojan-activity;sid:84546097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682988)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"banking.bankaustria.at.dswcontracting.work"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682988/; classtype:trojan-activity;sid:84546088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682989)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"banking.bankaustria.at.dswcontracting.work"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682989/; classtype:trojan-activity;sid:84546089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682990)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"banking.bankaustria.at.dswcontracting.work"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682990/; classtype:trojan-activity;sid:84546090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682991)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"banking.bankaustria.at.dswcontracting.work"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682991/; classtype:trojan-activity;sid:84546091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682992)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"banking.bankaustria.at.dswcontracting.work"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682992/; classtype:trojan-activity;sid:84546092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682993)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"banking.bankaustria.at.dswcontracting.work"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682993/; classtype:trojan-activity;sid:84546093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682994)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"banking.bankaustria.at.dswcontracting.work"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682994/; classtype:trojan-activity;sid:84546094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682995)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"banking.bankaustria.at.dswcontracting.work"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682995/; classtype:trojan-activity;sid:84546095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682996)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"banking.bankaustria.at.dswcontracting.work"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682996/; classtype:trojan-activity;sid:84546096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682985)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"banking.bankaustria.at.dswcontracting.work"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682985/; classtype:trojan-activity;sid:84546085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682986)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"banking.bankaustria.at.dswcontracting.work"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682986/; classtype:trojan-activity;sid:84546086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682987)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"banking.bankaustria.at.dswcontracting.work"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682987/; classtype:trojan-activity;sid:84546087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682750)"; flow:established,from_client; content:"GET"; http_method; content:"/img/kmro/kkdi99ew0cv03jdjfsdhj400df04sdxcv0we03220dcxvjs9f930sxcvj322jjsdf0sdf0sfxc0f032jdkfs.hta"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"23.95.117.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682750/; classtype:trojan-activity;sid:84545850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682747)"; flow:established,from_client; content:"GET"; http_method; content:"/0/items/optimized_msi_20251015_0601/optimized_msi.png"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"ia902802.us.archive.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682747/; classtype:trojan-activity;sid:84545847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682745)"; flow:established,from_client; content:"GET"; http_method; content:"/extra_tool.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.46.152.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682745/; classtype:trojan-activity;sid:84545845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682744)"; flow:established,from_client; content:"GET"; http_method; content:"/cookautofdllopfire.dll"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"176.46.152.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682744/; classtype:trojan-activity;sid:84545844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682742)"; flow:established,from_client; content:"GET"; http_method; content:"/my_new_dll.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.46.152.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682742/; classtype:trojan-activity;sid:84545842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682743)"; flow:established,from_client; content:"GET"; http_method; content:"/telegram_data_mover.dll"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"176.46.152.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682743/; classtype:trojan-activity;sid:84545843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682741)"; flow:established,from_client; content:"GET"; http_method; content:"/processes.dll"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.46.152.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682741/; classtype:trojan-activity;sid:84545841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682739)"; flow:established,from_client; content:"GET"; http_method; content:"/additional_tool.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"176.46.152.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682739/; classtype:trojan-activity;sid:84545839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682738)"; flow:established,from_client; content:"GET"; http_method; content:"/another_tool.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"176.46.152.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682738/; classtype:trojan-activity;sid:84545838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682728)"; flow:established,from_client; content:"GET"; http_method; content:"/filezilla.dll"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.46.152.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682728/; classtype:trojan-activity;sid:84545828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682729)"; flow:established,from_client; content:"GET"; http_method; content:"/chrome_inject.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"176.46.152.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682729/; classtype:trojan-activity;sid:84545829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682730)"; flow:established,from_client; content:"GET"; http_method; content:"/steam_config_backup.dll"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"176.46.152.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682730/; classtype:trojan-activity;sid:84545830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682731)"; flow:established,from_client; content:"GET"; http_method; content:"/password_formatter.dll"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"176.46.152.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682731/; classtype:trojan-activity;sid:84545831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682732)"; flow:established,from_client; content:"GET"; http_method; content:"/walletsorterdll.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"176.46.152.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682732/; classtype:trojan-activity;sid:84545832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682733)"; flow:established,from_client; content:"GET"; http_method; content:"/info.dll"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.46.152.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682733/; classtype:trojan-activity;sid:84545833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682734)"; flow:established,from_client; content:"GET"; http_method; content:"/screenshot.dll"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.46.152.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682734/; classtype:trojan-activity;sid:84545834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682735)"; flow:established,from_client; content:"GET"; http_method; content:"/extentwallet.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"176.46.152.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682735/; classtype:trojan-activity;sid:84545835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682736)"; flow:established,from_client; content:"GET"; http_method; content:"/software.dll"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.46.152.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682736/; classtype:trojan-activity;sid:84545836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682737)"; flow:established,from_client; content:"GET"; http_method; content:"/documentgrabber.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"176.46.152.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682737/; classtype:trojan-activity;sid:84545837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682722)"; flow:established,from_client; content:"GET"; http_method; content:"/e35680807f224aa98d8d15c5cccf0248_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682722/; classtype:trojan-activity;sid:84545822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682721)"; flow:established,from_client; content:"GET"; http_method; content:"/ivvo.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682721/; classtype:trojan-activity;sid:84545821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682719)"; flow:established,from_client; content:"GET"; http_method; content:"/1b59b8e525874a3e836f26345d0d42cb_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682719/; classtype:trojan-activity;sid:84545819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682718)"; flow:established,from_client; content:"GET"; http_method; content:"/71a590d6d4a144a4be1d58b9e919769b_build.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682718/; classtype:trojan-activity;sid:84545818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682716)"; flow:established,from_client; content:"GET"; http_method; content:"/a5f1c962a5df40249f344ea46e56bfea_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682716/; classtype:trojan-activity;sid:84545816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682717)"; flow:established,from_client; content:"GET"; http_method; content:"/saswa.bin"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682717/; classtype:trojan-activity;sid:84545817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682715)"; flow:established,from_client; content:"GET"; http_method; content:"/bubild.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682715/; classtype:trojan-activity;sid:84545815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682713)"; flow:established,from_client; content:"GET"; http_method; content:"/154c65a53e794aecbd54dc513b4c6a33_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682713/; classtype:trojan-activity;sid:84545813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682714)"; flow:established,from_client; content:"GET"; http_method; content:"/51d15381c5e74b9a8706fa7fd3fea133_build.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682714/; classtype:trojan-activity;sid:84545814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682707)"; flow:established,from_client; content:"GET"; http_method; content:"/d0ecb0ddeb0b4fbca3b423fb355721ed_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682707/; classtype:trojan-activity;sid:84545807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682708)"; flow:established,from_client; content:"GET"; http_method; content:"/1405f383e97449d388aa69dcc45ab7c2_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682708/; classtype:trojan-activity;sid:84545808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682709)"; flow:established,from_client; content:"GET"; http_method; content:"/e52ccdbdb1bd4e31b80b7ec1f38f9b84_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682709/; classtype:trojan-activity;sid:84545809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682710)"; flow:established,from_client; content:"GET"; http_method; content:"/wilde.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682710/; classtype:trojan-activity;sid:84545810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682711)"; flow:established,from_client; content:"GET"; http_method; content:"/36ac8231d2644a5a83063028eb99c8a4_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682711/; classtype:trojan-activity;sid:84545811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682712)"; flow:established,from_client; content:"GET"; http_method; content:"/bd9d4b5530bf46dfbb287fcfc78d68f6_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3682712/; classtype:trojan-activity;sid:84545812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682508)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"84.49.158.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682508/; classtype:trojan-activity;sid:84545608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682497)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.49.158.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682497/; classtype:trojan-activity;sid:84545597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682343)"; flow:established,from_client; content:"GET"; http_method; content:"/img/kkn/sd99w090xcvjijsei000sdf09w0ef0cdf3iiuif920fs0f0sdf032fisidufiu0v0x9v090diudfg00909dfg00df.hta"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"23.95.117.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682343/; classtype:trojan-activity;sid:84545443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682337)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/loloer3434.firebasestorage.app/o/cifrado%20fff3333%2fnewdll.txt|3f|alt=media|7c|26|7c|token=2a7619df-4ea7-43d3-9c6e-b74be01ff67f"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682337/; classtype:trojan-activity;sid:84545437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682321)"; flow:established,from_client; content:"GET"; http_method; content:"/download/wp4055032-l-wallpapers_with_b64/wp4055032-l-wallpapers_with_b64.jpg"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"archive.org"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682321/; classtype:trojan-activity;sid:84545421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682316)"; flow:established,from_client; content:"GET"; http_method; content:"/wheatw.pfm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"tehnomag.rs"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682316/; classtype:trojan-activity;sid:84545416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682317)"; flow:established,from_client; content:"GET"; http_method; content:"/wheatw.pfm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"tehnomag.rs"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682317/; classtype:trojan-activity;sid:84545417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682293)"; flow:established,from_client; content:"GET"; http_method; content:"/img/ksms/sc9ddc73jjhfjsh8cxs0d9xc23hjhj5j6jhj8bh876hfdf90gd900vb90brt90t0yr09asd03sfd0f0sd.txt"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"23.95.103.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682293/; classtype:trojan-activity;sid:84545393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682271)"; flow:established,from_client; content:"GET"; http_method; content:"/5/items/msi-pro-with-b-64_20251015_1424/msi_pro_with_b64.png"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"ia801000.us.archive.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682271/; classtype:trojan-activity;sid:84545371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682083)"; flow:established,from_client; content:"GET"; http_method; content:"/ghost46quasarlightbuz/musical-palm-tree/releases/download/asas/launcher.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682083/; classtype:trojan-activity;sid:84545183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682073)"; flow:established,from_client; content:"GET"; http_method; content:"/vac"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"91.92.241.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682073/; classtype:trojan-activity;sid:84545173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682070)"; flow:established,from_client; content:"GET"; http_method; content:"/adb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"91.92.241.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682070/; classtype:trojan-activity;sid:84545170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682071)"; flow:established,from_client; content:"GET"; http_method; content:"/link"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.92.241.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682071/; classtype:trojan-activity;sid:84545171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682072)"; flow:established,from_client; content:"GET"; http_method; content:"/byte"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.92.241.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682072/; classtype:trojan-activity;sid:84545172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682064)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"91.92.241.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682064/; classtype:trojan-activity;sid:84545164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682056)"; flow:established,from_client; content:"GET"; http_method; content:"/spring"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.92.241.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682056/; classtype:trojan-activity;sid:84545156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682057)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91.92.241.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682057/; classtype:trojan-activity;sid:84545157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682058)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.92.241.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682058/; classtype:trojan-activity;sid:84545158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682059)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"91.92.241.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682059/; classtype:trojan-activity;sid:84545159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682060)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"91.92.241.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682060/; classtype:trojan-activity;sid:84545160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682061)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91.92.241.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682061/; classtype:trojan-activity;sid:84545161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682048)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91.92.241.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682048/; classtype:trojan-activity;sid:84545148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682049)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91.92.241.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682049/; classtype:trojan-activity;sid:84545149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682050)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91.92.241.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682050/; classtype:trojan-activity;sid:84545150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682051)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"91.92.241.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682051/; classtype:trojan-activity;sid:84545151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682052)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91.92.241.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682052/; classtype:trojan-activity;sid:84545152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682053)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"91.92.241.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682053/; classtype:trojan-activity;sid:84545153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682054)"; flow:established,from_client; content:"GET"; http_method; content:"/kvariant.arc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"91.92.241.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682054/; classtype:trojan-activity;sid:84545154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682055)"; flow:established,from_client; content:"GET"; http_method; content:"/tplink"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.92.241.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682055/; classtype:trojan-activity;sid:84545155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682042)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.xml"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"91.92.241.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682042/; classtype:trojan-activity;sid:84545142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682007)"; flow:established,from_client; content:"GET"; http_method; content:"/crypted.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.46.152.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682007/; classtype:trojan-activity;sid:84545107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681991)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.110.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681991/; classtype:trojan-activity;sid:84545091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681982)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.110.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3681982/; classtype:trojan-activity;sid:84545082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681757)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.250.184.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681757/; classtype:trojan-activity;sid:84544857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681378)"; flow:established,from_client; content:"GET"; http_method; content:"/clipper.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.46.152.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681378/; classtype:trojan-activity;sid:84544478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681345)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"147.93.62.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681345/; classtype:trojan-activity;sid:84544445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681337)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"147.93.62.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681337/; classtype:trojan-activity;sid:84544437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681338)"; flow:established,from_client; content:"GET"; http_method; content:"/systemcl/arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"147.93.62.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_19; reference:url, urlhaus.abuse.ch/url/3681338/; classtype:trojan-activity;sid:84544438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681153)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.132.225.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681153/; classtype:trojan-activity;sid:84544253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681108)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.238.235.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681108/; classtype:trojan-activity;sid:84544208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681107)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.238.235.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681107/; classtype:trojan-activity;sid:84544207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681104)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.238.235.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681104/; classtype:trojan-activity;sid:84544204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681105)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.238.235.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681105/; classtype:trojan-activity;sid:84544205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681106)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.238.235.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681106/; classtype:trojan-activity;sid:84544206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681103)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.238.235.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681103/; classtype:trojan-activity;sid:84544203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681100)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/x86-debug"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"103.238.235.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681100/; classtype:trojan-activity;sid:84544200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681101)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.238.235.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681101/; classtype:trojan-activity;sid:84544201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681102)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.238.235.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681102/; classtype:trojan-activity;sid:84544202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681099)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.238.235.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681099/; classtype:trojan-activity;sid:84544199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681081)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.238.235.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681081/; classtype:trojan-activity;sid:84544181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681083)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.238.235.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681083/; classtype:trojan-activity;sid:84544183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681085)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.238.235.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681085/; classtype:trojan-activity;sid:84544185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681086)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.238.235.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681086/; classtype:trojan-activity;sid:84544186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681087)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.238.235.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681087/; classtype:trojan-activity;sid:84544187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681088)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.238.235.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681088/; classtype:trojan-activity;sid:84544188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681089)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.238.235.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681089/; classtype:trojan-activity;sid:84544189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681090)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.238.235.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681090/; classtype:trojan-activity;sid:84544190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681091)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.238.235.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681091/; classtype:trojan-activity;sid:84544191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681092)"; flow:established,from_client; content:"GET"; http_method; content:"/x86-debug"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.238.235.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681092/; classtype:trojan-activity;sid:84544192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681093)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.238.235.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681093/; classtype:trojan-activity;sid:84544193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681094)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"103.238.235.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681094/; classtype:trojan-activity;sid:84544194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681095)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.238.235.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681095/; classtype:trojan-activity;sid:84544195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681096)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/arc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.238.235.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681096/; classtype:trojan-activity;sid:84544196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681097)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.238.235.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681097/; classtype:trojan-activity;sid:84544197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681098)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.238.235.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681098/; classtype:trojan-activity;sid:84544198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681053)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.137.77.49"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681053/; classtype:trojan-activity;sid:84544153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681054)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"68.64.176.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681054/; classtype:trojan-activity;sid:84544154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681048)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"143.92.43.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681048/; classtype:trojan-activity;sid:84544148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681049)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"120.79.229.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681049/; classtype:trojan-activity;sid:84544149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681051)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"116.198.233.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681051/; classtype:trojan-activity;sid:84544151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681044)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"83.229.126.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681044/; classtype:trojan-activity;sid:84544144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681045)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.242.12.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681045/; classtype:trojan-activity;sid:84544145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681047)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"120.79.229.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681047/; classtype:trojan-activity;sid:84544147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681032)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"191.103.251.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681032/; classtype:trojan-activity;sid:84544132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681031)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"171.226.220.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681031/; classtype:trojan-activity;sid:84544131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681026)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"46.125.88.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681026/; classtype:trojan-activity;sid:84544126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681019)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.90.248.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681019/; classtype:trojan-activity;sid:84544119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681020)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.176.40.227"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681020/; classtype:trojan-activity;sid:84544120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681021)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.39.79.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681021/; classtype:trojan-activity;sid:84544121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681011)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"149.210.37.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681011/; classtype:trojan-activity;sid:84544111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681010)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.84.181.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681010/; classtype:trojan-activity;sid:84544110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680431)"; flow:established,from_client; content:"GET"; http_method; content:"/ghost46quasarlightbuz/y8wmk/releases/download/dowz/cryptoalpha.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680431/; classtype:trojan-activity;sid:84543531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680429)"; flow:established,from_client; content:"GET"; http_method; content:"/checker/1.pdb"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"lh24h7tp-5500.euw.devtunnels.ms"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680429/; classtype:trojan-activity;sid:84543529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680421)"; flow:established,from_client; content:"GET"; http_method; content:"/gh/documents-release/office@master/policy.js"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"cdn.jsdelivr.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680421/; classtype:trojan-activity;sid:84543521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680422)"; flow:established,from_client; content:"GET"; http_method; content:"/gh/documents-release/office@master/terms-of-use.js"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"cdn.jsdelivr.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680422/; classtype:trojan-activity;sid:84543522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680424)"; flow:established,from_client; content:"GET"; http_method; content:"/cheatclients/minere.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"193.233.175.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680424/; classtype:trojan-activity;sid:84543524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680426)"; flow:established,from_client; content:"GET"; http_method; content:"/gh/documents-release/office@master/rules.js"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"cdn.jsdelivr.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680426/; classtype:trojan-activity;sid:84543526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680427)"; flow:established,from_client; content:"GET"; http_method; content:"/gh/documents-release/office@master/license.js"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"cdn.jsdelivr.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680427/; classtype:trojan-activity;sid:84543527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680328)"; flow:established,from_client; content:"GET"; http_method; content:"/f8nus4b/plugins/vnc.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680328/; classtype:trojan-activity;sid:84543428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680327)"; flow:established,from_client; content:"GET"; http_method; content:"/f8nus4b/plugins/clip.dll"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680327/; classtype:trojan-activity;sid:84543427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680324)"; flow:established,from_client; content:"GET"; http_method; content:"/f8nus4b/plugins/clip64.dll"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680324/; classtype:trojan-activity;sid:84543424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680325)"; flow:established,from_client; content:"GET"; http_method; content:"/f8nus4b/plugins/cred64.dll"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680325/; classtype:trojan-activity;sid:84543425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680326)"; flow:established,from_client; content:"GET"; http_method; content:"/f8nus4b/plugins/cred.dll"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"178.16.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680326/; classtype:trojan-activity;sid:84543426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680322)"; flow:established,from_client; content:"GET"; http_method; content:"/new/x64-setup.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"tapestryoftruth.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680322/; classtype:trojan-activity;sid:84543422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680312)"; flow:established,from_client; content:"GET"; http_method; content:"/li"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680312/; classtype:trojan-activity;sid:84543412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680313)"; flow:established,from_client; content:"GET"; http_method; content:"/gpon.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680313/; classtype:trojan-activity;sid:84543413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680314)"; flow:established,from_client; content:"GET"; http_method; content:"/curl.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680314/; classtype:trojan-activity;sid:84543414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680315)"; flow:established,from_client; content:"GET"; http_method; content:"/avtech.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680315/; classtype:trojan-activity;sid:84543415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680310)"; flow:established,from_client; content:"GET"; http_method; content:"/lil.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680310/; classtype:trojan-activity;sid:84543410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680311)"; flow:established,from_client; content:"GET"; http_method; content:"/gp"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680311/; classtype:trojan-activity;sid:84543411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680309)"; flow:established,from_client; content:"GET"; http_method; content:"/tvt.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680309/; classtype:trojan-activity;sid:84543409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680304)"; flow:established,from_client; content:"GET"; http_method; content:"/lilin.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680304/; classtype:trojan-activity;sid:84543404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680305)"; flow:established,from_client; content:"GET"; http_method; content:"/toto"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680305/; classtype:trojan-activity;sid:84543405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680306)"; flow:established,from_client; content:"GET"; http_method; content:"/massload"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680306/; classtype:trojan-activity;sid:84543406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680308)"; flow:established,from_client; content:"GET"; http_method; content:"/uni"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"42.112.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680308/; classtype:trojan-activity;sid:84543408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680291)"; flow:established,from_client; content:"GET"; http_method; content:"/h9djjcwefj/plugins/cred64.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"91.92.242.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680291/; classtype:trojan-activity;sid:84543391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680288)"; flow:established,from_client; content:"GET"; http_method; content:"/h9djjcwefj/plugins/vnc.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"91.92.242.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680288/; classtype:trojan-activity;sid:84543388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680289)"; flow:established,from_client; content:"GET"; http_method; content:"/h9djjcwefj/plugins/clip64.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"91.92.242.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680289/; classtype:trojan-activity;sid:84543389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680290)"; flow:established,from_client; content:"GET"; http_method; content:"/h9djjcwefj/plugins/clip.dll"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"91.92.242.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680290/; classtype:trojan-activity;sid:84543390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680287)"; flow:established,from_client; content:"GET"; http_method; content:"/h9djjcwefj/plugins/cred.dll"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"91.92.242.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680287/; classtype:trojan-activity;sid:84543387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680266)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/av.lnk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"118.209.200.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680266/; classtype:trojan-activity;sid:84543366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680265)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/photo.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"118.209.200.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680265/; classtype:trojan-activity;sid:84543365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680264)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/android/photo.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"118.209.200.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680264/; classtype:trojan-activity;sid:84543364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680262)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/android/av.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"118.209.200.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680262/; classtype:trojan-activity;sid:84543362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680257)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/video.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"118.209.200.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680257/; classtype:trojan-activity;sid:84543357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680258)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/av.scr"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"118.209.200.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680258/; classtype:trojan-activity;sid:84543358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680256)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/android/video.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"118.209.200.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680256/; classtype:trojan-activity;sid:84543356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680248)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/android/photo.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"118.209.200.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680248/; classtype:trojan-activity;sid:84543348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680249)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/android/av.lnk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"118.209.200.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680249/; classtype:trojan-activity;sid:84543349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680250)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/android/video.lnk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"118.209.200.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680250/; classtype:trojan-activity;sid:84543350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680251)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/photo.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"118.209.200.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680251/; classtype:trojan-activity;sid:84543351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680252)"; flow:established,from_client; content:"GET"; http_method; content:"/sda5/video.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"118.209.200.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680252/; classtype:trojan-activity;sid:84543352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679915)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"158.255.83.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679915/; classtype:trojan-activity;sid:84543015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679911)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"23.177.185.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679911/; classtype:trojan-activity;sid:84543011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679775)"; flow:established,from_client; content:"GET"; http_method; content:"/gh/documents-release/office/rules.js"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"cdn.jsdelivr.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679775/; classtype:trojan-activity;sid:84542875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679755)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.59.83.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679755/; classtype:trojan-activity;sid:84542855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679637)"; flow:established,from_client; content:"GET"; http_method; content:"/injector.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_17; reference:url, urlhaus.abuse.ch/url/3679637/; classtype:trojan-activity;sid:84542737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679537)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.84.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679537/; classtype:trojan-activity;sid:84542637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679484)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.139.62.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679484/; classtype:trojan-activity;sid:84542584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679407)"; flow:established,from_client; content:"GET"; http_method; content:"/img/ksms/sc9ddc73jjhfjsh8cxs0d9xc23hjhj5j6jhj8bh876hfdf90gd900vb90brt90t0yr09asd03sfd0f0sd.hta"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"23.95.103.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679407/; classtype:trojan-activity;sid:84542507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679304)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.90.248.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679304/; classtype:trojan-activity;sid:84542404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679278)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.176.124.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679278/; classtype:trojan-activity;sid:84542378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679261)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/loloer3434.firebasestorage.app/o/cifrado%20fff3333%2frodita%20pe.txt|3f|alt=media|7c|26|7c|token=4d0ef261-f77d-400f-952d-34c41ee8d7f5"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679261/; classtype:trojan-activity;sid:84542361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679262)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/loloer3434.firebasestorage.app/o/cifrado%20fff3333%2fdllroda.txt|3f|alt=media|7c|26|7c|token=8b9a573d-2052-4ffd-963f-6d1e2e01398c"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679262/; classtype:trojan-activity;sid:84542362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679256)"; flow:established,from_client; content:"GET"; http_method; content:"/fire/wormb.txt"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"178.16.54.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679256/; classtype:trojan-activity;sid:84542356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679158)"; flow:established,from_client; content:"GET"; http_method; content:"/notepad.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"bmh-global.myfirewall.org"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679158/; classtype:trojan-activity;sid:84542258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679148)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpoint.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"igw.myfirewall.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679148/; classtype:trojan-activity;sid:84542248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679147)"; flow:established,from_client; content:"GET"; http_method; content:"/words.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"igw.myfirewall.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679147/; classtype:trojan-activity;sid:84542247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679132)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.16.53.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_16; reference:url, urlhaus.abuse.ch/url/3679132/; classtype:trojan-activity;sid:84542232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3679015)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.139.62.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3679015/; classtype:trojan-activity;sid:84542115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678940)"; flow:established,from_client; content:"GET"; http_method; content:"/prefiction.mp4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.sgeseducation.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678940/; classtype:trojan-activity;sid:84542040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678938)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"101.226.8.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678938/; classtype:trojan-activity;sid:84542038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678926)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.160.56.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678926/; classtype:trojan-activity;sid:84542026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678923)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"50.43.160.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678923/; classtype:trojan-activity;sid:84542023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678912)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"120.157.145.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678912/; classtype:trojan-activity;sid:84542012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678879)"; flow:established,from_client; content:"GET"; http_method; content:"/dss"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"209.141.49.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678879/; classtype:trojan-activity;sid:84541979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678877)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"209.141.49.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678877/; classtype:trojan-activity;sid:84541977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678878)"; flow:established,from_client; content:"GET"; http_method; content:"/co"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"209.141.49.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678878/; classtype:trojan-activity;sid:84541978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678876)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"209.141.49.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678876/; classtype:trojan-activity;sid:84541976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678875)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"209.141.49.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678875/; classtype:trojan-activity;sid:84541975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678874)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"209.141.49.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678874/; classtype:trojan-activity;sid:84541974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678872)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"209.141.49.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678872/; classtype:trojan-activity;sid:84541972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678873)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"209.141.49.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678873/; classtype:trojan-activity;sid:84541973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678870)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"209.141.49.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678870/; classtype:trojan-activity;sid:84541970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678871)"; flow:established,from_client; content:"GET"; http_method; content:"/586"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"209.141.49.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678871/; classtype:trojan-activity;sid:84541971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678868)"; flow:established,from_client; content:"GET"; http_method; content:"/arm61"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"209.141.49.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678868/; classtype:trojan-activity;sid:84541968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678857)"; flow:established,from_client; content:"GET"; http_method; content:"/sex.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"209.141.49.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678857/; classtype:trojan-activity;sid:84541957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678785)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251014233438.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"pocopa.co.za"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678785/; classtype:trojan-activity;sid:84541885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678718)"; flow:established,from_client; content:"GET"; http_method; content:"/fdfb1bb517924e3280910056f13f2629_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678718/; classtype:trojan-activity;sid:84541818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678717)"; flow:established,from_client; content:"GET"; http_method; content:"/89dcdc5df83e4ee08674c83883f1d3fa_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678717/; classtype:trojan-activity;sid:84541817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678715)"; flow:established,from_client; content:"GET"; http_method; content:"/0677e1ddb1c848e3b2f078667cbba480_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678715/; classtype:trojan-activity;sid:84541815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678716)"; flow:established,from_client; content:"GET"; http_method; content:"/fa92389652d6433c91f2f6d072b9b8b0_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678716/; classtype:trojan-activity;sid:84541816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678714)"; flow:established,from_client; content:"GET"; http_method; content:"/5dd7127baf2b462bb09bcf362324695e_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678714/; classtype:trojan-activity;sid:84541814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678712)"; flow:established,from_client; content:"GET"; http_method; content:"/f65977f1753048c39a353d8df4590507_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678712/; classtype:trojan-activity;sid:84541812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678713)"; flow:established,from_client; content:"GET"; http_method; content:"/msnnsgbzjdd"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678713/; classtype:trojan-activity;sid:84541813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678708)"; flow:established,from_client; content:"GET"; http_method; content:"/11db870e78ae401d83af0ba258ac0f2c_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678708/; classtype:trojan-activity;sid:84541808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678709)"; flow:established,from_client; content:"GET"; http_method; content:"/57f86ddefbaf4f54b4b4df98a68cb759_crypted_build.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678709/; classtype:trojan-activity;sid:84541809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678710)"; flow:established,from_client; content:"GET"; http_method; content:"/de638fe6affb4b4bab8dc26273c6c083_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678710/; classtype:trojan-activity;sid:84541810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678711)"; flow:established,from_client; content:"GET"; http_method; content:"/82e8b327fe5541c28dd9608c85e676da_build.bin"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"176.46.152.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678711/; classtype:trojan-activity;sid:84541811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678611)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20251012232701.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"pocopa.co.za"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678611/; classtype:trojan-activity;sid:84541711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678230)"; flow:established,from_client; content:"GET"; http_method; content:"/realtek"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678230/; classtype:trojan-activity;sid:84541330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678227)"; flow:established,from_client; content:"GET"; http_method; content:"/pulse"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678227/; classtype:trojan-activity;sid:84541327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678228)"; flow:established,from_client; content:"GET"; http_method; content:"/pay"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678228/; classtype:trojan-activity;sid:84541328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678213)"; flow:established,from_client; content:"GET"; http_method; content:"/zyxel"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678213/; classtype:trojan-activity;sid:84541313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678214)"; flow:established,from_client; content:"GET"; http_method; content:"/bin"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678214/; classtype:trojan-activity;sid:84541314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678215)"; flow:established,from_client; content:"GET"; http_method; content:"/hnap"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678215/; classtype:trojan-activity;sid:84541315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678216)"; flow:established,from_client; content:"GET"; http_method; content:"/yarn"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678216/; classtype:trojan-activity;sid:84541316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678217)"; flow:established,from_client; content:"GET"; http_method; content:"/pay"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678217/; classtype:trojan-activity;sid:84541317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678218)"; flow:established,from_client; content:"GET"; http_method; content:"/aws"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678218/; classtype:trojan-activity;sid:84541318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678219)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678219/; classtype:trojan-activity;sid:84541319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678220)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678220/; classtype:trojan-activity;sid:84541320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678221)"; flow:established,from_client; content:"GET"; http_method; content:"/gpon443"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678221/; classtype:trojan-activity;sid:84541321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678222)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678222/; classtype:trojan-activity;sid:84541322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678223)"; flow:established,from_client; content:"GET"; http_method; content:"/yarn"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678223/; classtype:trojan-activity;sid:84541323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678224)"; flow:established,from_client; content:"GET"; http_method; content:"/aws"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678224/; classtype:trojan-activity;sid:84541324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678225)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678225/; classtype:trojan-activity;sid:84541325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678208)"; flow:established,from_client; content:"GET"; http_method; content:"/lg"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678208/; classtype:trojan-activity;sid:84541308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678209)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678209/; classtype:trojan-activity;sid:84541309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678210)"; flow:established,from_client; content:"GET"; http_method; content:"/bin"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678210/; classtype:trojan-activity;sid:84541310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678211)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678211/; classtype:trojan-activity;sid:84541311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678212)"; flow:established,from_client; content:"GET"; http_method; content:"/sora.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"64.91.237.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678212/; classtype:trojan-activity;sid:84541312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678204)"; flow:established,from_client; content:"GET"; http_method; content:"/huawei"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678204/; classtype:trojan-activity;sid:84541304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678206)"; flow:established,from_client; content:"GET"; http_method; content:"/zte"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"simbhaolisugars.in"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678206/; classtype:trojan-activity;sid:84541306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhau